CVE-2023-22580

Sequelize - Bad query filtering leading to SQL errors

CVE CVE-2023-22580
Title Sequelize - Bad query filtering leading to SQL errors
Credits
  • Thomas Rinsma and Kevin Valk (Codean) (finder)
  • Victor Pasman (DIVD) (analyst)
Affected products
  • Product: Feathers-Sequelize Sequelize.js
  • Affected: before v7.0.0-alpha.20
  • Unaffected: everything else
CVSS Base score: 5.3 (MEDIUM)
References
Problem type(s) CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Date published
Last modified

Description

Due to improper input filtering in the Sequelize.js library, malicious queries can lead to sensitive information disclosure.
