Skip to the content.

CVE-2023-22579 - Sequalize - Unsafe fall-through in getWhereConditions

CVE CVE-2023-22579
Discovered by
  • Thomas Rinsma and Kevin Valk
  • Thomas Rinsma and Kevin Valk (Codean)
Affected products
Product Affected Unaffected Unknown
Feathers-Sequalize Sequelize.js = Before v7.0.0-alpha.20
everything else
Page author Victor Pasman
CVSS Base score: 9.9 (CRITICAL)
Problem type(s) CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Last modified 16 Feb 2023 10:09


Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

JSON version