Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. The Feathers socket handler did not catch invalid string conversion errors like const message = `${{ toString: '' }}` which would cause the Node.js process to crash when sending an unexpected...
7.5 CVSS
7.5 AI Score
0.001 EPSS
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is...
10 CVSS
9.7 AI Score
0.002 EPSS
The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of...
10 CVSS
9.6 AI Score
0.005 EPSS
Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL...
10 CVSS
9.7 AI Score
0.002 EPSS