13 matches found

OSV
added 2026/03/10 9:3 p.m., 3 views

GHSA-P9XR-7P9P-GPQX Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter

Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId and land directly in the...

CVSS 9.3, AI score 5.9, EPSS 0.00461
Exploits: 0, References: 3
Github Security Blog
added 2026/03/10 9:3 p.m., 7 views

Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter

Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId and land directly in the...

CVSS 9.8, AI score 5.9, EPSS 0.00461
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2026/03/10 12:0 a.m., 3 views

Feathers authorization issue vulnerability

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. In versions 5.0.0 to 5.0.42 of Feathers, there was an authorization vulnerability. This vulnerability stemmed from the OAuth service's...

CVSS 9.8, AI score 5.8, EPSS 0.00519
Exploits: 0, References: 1
CNNVD
added 2026/03/10 12:0 a.m., 4 views

Feathers security vulnerability

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. There were security vulnerabilities in Feathers versions 5.0.0 to 5.0.42. These vulnerabilities stemmed from the lack of type checking ...

CVSS 9.8, AI score 5.8, EPSS 0.00461
Exploits: 0, References: 1
Vulnrichment
added 2026/02/21 4:9 a.m., 2 views

CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...

CVSS 8.2, AI score 5.4, EPSS 0.00354
Exploits: 0, References: 3
Vulnrichment
added 2026/02/21 3:23 a.m., 4 views

CVE-2026-27191 Feathers: Open Redirect in OAuth callback enables account takeover

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...

CVSS 7.4, AI score 5.4, EPSS 0.00254
Exploits: 0, References: 3
CNNVD
added 2026/02/21 12:0 a.m., 5 views

Feathers access control error vulnerability

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. Feathers versions 5.0.39 and earlier have a security vulnerability related to access control. This vulnerability stems from the use of the...

CVSS 8.1, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 3
CNNVD
added 2026/02/21 12:0 a.m., 7 views

Feathers input validation error vulnerability

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. Feathers versions 5.0.39 and earlier contain a vulnerability related to input validation errors. This vulnerability arises from redirectin...

CVSS 7.4, AI score 5.8, EPSS 0.00254
Exploits: 0, References: 3
Github Security Blog
added 2026/02/19 8:32 p.m., 7 views

Feathers exposes internal headers via unencrypted session cookie

All HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth service stores the complete headers object in the session: ...

CVSS 8.2, AI score 5.6, EPSS 0.00354
Exploits: 0, References: 5, Affected Software: 1
Github Security Blog
added 2026/02/19 8:32 p.m., 9 views

Feathers has an origin validation bypass via prefix matching

The origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed origin. The getAllowedOrigin function checks if the Referer header starts with any allowed origin: ...

CVSS 8.1, AI score 5.6, EPSS 0.0024
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2023/07/19 12:0 a.m., 1 view

Feathers code issue vulnerability

Feathers is a lightweight web framework from Feathers open source, used to create APIs and real-time applications using TypeScript or JavaScript. Feathers has a code issue vulnerability that stems from the socket handler not catching invalid string conversion errors, which can cause...

CVSS 7.5, AI score 7.2, EPSS 0.00963
Exploits: 1, References: 6
CNNVD
added 2023/02/16 12:0 a.m., 3 views

feathers-sequelize security vulnerability

feathers-sequelize is an open source Feathers database adapter for Sequelize from the Feathers Ecosystem. feathers-sequelize has a security vulnerability that stems from improper parameter filtering, which can be exploited by attackers for SQL injection...

CVSS 9.9, AI score 8.4, EPSS 0.00809
Exploits: 0, References: 3
CNNVD
added 2022/10/26 12:0 a.m., 26 views

Feathers SQL injection vulnerability

Feathers is a lightweight web framework from Feathers open source, used to create APIs and real-time applications using TypeScript or JavaScript. Feathers has a security vulnerability that stems from incorrect validation of user input...

CVSS 10, AI score 8.2, EPSS 0.00729
Exploits: 0, References: 5