Skip to the content.

CVE-2023-22580 - Sequalize - Bad query filtering leading to SQL errors

CVE CVE-2023-22580
Discovered by
  • Thomas Rinsma and Kevin Valk
Affected products
Product Affected Unaffected Unknown
Feathers-Sequalize Sequelize.js = before v7.0.0-alpha.20
everything else
Page author Victor Pasman
CVSS Base score: 5.3 (MEDIUM)
Problem type(s) CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Last modified 16 Feb 2023 10:09


Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.

JSON version