2 matches found
@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-2422 via feathers-sequelize (=6.3.2)
feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-2422 Source advisory: OSV:GHSA-QPV8-4PJQ-QQH7...
CVE-2022-2422
CVE-2022-2422 describes a SQL injection in Feathers.js when using feathers-sequelize, caused by improper input validation in the library. Reports from multiple sources (NVD, Veracode, GHSA, OSV, CVE list) indicate a high/critical impact with potential remote exploitation via standard network vect...