GoogleOSV:GHSA-QPV8-4PJQ-QQH7feathers-sequelize contains improper input validation leading to SQL injection
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.3%
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.
| CPE | Name | Operator | Version |
|---|---|---|---|
| feathers-sequelize | ge | 6.0.0 | |
| feathers-sequelize | lt | 6.3.4 |
References
csirt.divd.nl/cases/DIVD-2022-00020
csirt.divd.nl/CVE-2022-2422
csirt.divd.nl/cves/CVE-2022-2422
csirt.divd.nl/DIVD-2022-00020
github.com/feathersjs-ecosystem/feathers-sequelize
github.com/feathersjs-ecosystem/feathers-sequelize/commit/0f2d85f0b2d556f2b6c70423dcebdbd29d95e3dc
nvd.nist.gov/vuln/detail/CVE-2022-2422
Related
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.3%