2 matches found
@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-29823 via feathers-sequelize (=6.3.2)
feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-29823 Source advisory: OSV:GHSA-P5M3-27VH-52J4...
CVE-2022-29823
Feather-Sequelize’s cleanQuery method is the affected component. The vulnerability stems from insecure recursive filtering of query keys, enabling Remote Code Execution with the application’s privileges. The CVE-2022-29823 entry is supported by multiple sources (e.g., GHSA/Veracode/CVE lists) des...