EUVD-2022-7140

Malicious code in bioql PyPI...

Prototype Pollution

feathers-sequelize is vulnerable to prototype pollution. The vulnerability exists in the cleanQuery method due to the use of insecure recursive logic to filter unsupported keys from the query object, which allows an attacker to inject malicious properties resulting in prototype pollution...

Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution

Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

GHSA-P5M3-27VH-52J4 Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution

Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

CVE-2022-29823

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

CVE-2022-29823

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

Remote code execution

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

Feathers 安全漏洞

Feathers is Feathers open source a lightweight Web framework. Used to create APIs and real-time applications using TypeScript or JavaScript. Feathers Feather-Sequalize security vulnerability , the vulnerability stems from the cleanQuery function uses insecure recursive logic , which can lead to...

CVE-2022-29823

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

CVE-2022-29823 Feathers - Query “__proto__” is converted to real prototype

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

PT-2022-19856 · Unknown · Feathers-Sequelize

Name of the Vulnerable Software and Affected Versions: Feather-Sequelize affected versions not specified Description: The cleanQuery method in Feather-Sequelize uses insecure recursive logic to filter unsupported keys from the query object, resulting in a Remote Code Execution RCE with privileges...

CVE-2022-29823

Feather-Sequelize’s cleanQuery method is the affected component. The vulnerability stems from insecure recursive filtering of query keys, enabling Remote Code Execution with the application’s privileges. The CVE-2022-29823 entry is supported by multiple sources (e.g., GHSA/Veracode/CVE lists) des...