CVE-2023-22579

Sequelize - Unsafe fall-through in getWhereConditions

CVE CVE-2023-22579
Title Sequelize - Unsafe fall-through in getWhereConditions
Credits
  • Thomas Rinsma and Kevin Valk (Codean) (finder)
Affected products
Product Affected Unaffected Unknown
Feathers-Sequelize Sequelize.js = Before v7.0.0-alpha.20 ()
everything else
CVSS Base score: 9.9 (CRITICAL)
References
Problem type(s) CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Date published
Last modified

Description

Due to improper parameter filtering in the Sequelize.js library, an attacker can perform injection.

