7 matches found
@galenjs/framework-next (>=1.0.0 <=1.7.0), @galenjs/models (>=1.1.11 <=1.7.0) +4 more potentially affected by CVE-2023-22578 via @sequelize/core (=7.0.0-alpha.10)
@sequelize/core NPM version =7.0.0-alpha.10 is affected by a known vulnerability. The following packages have a transitive dependency on @sequelize/core and may be impacted: - @galenjs/framework-next =1.0.0, =1.1.11, =0.0.2, =0.0.2, =0.0.30, =0.1.0, =0.1.1 Source cves: CVE-2023-22578 Source...
GHSA-F598-MFPV-GMFX Sequelize - Default support for “raw attributes” when using parentheses
Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ts User.findAll attributes: 'countid', 'count' ; Produced sql SELECT countid AS "count" FROM "users" Patches This feature was deprecated i...
Sequelize - Default support for “raw attributes” when using parentheses
Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ts User.findAll attributes: 'countid', 'count' ; Produced sql SELECT countid AS "count" FROM "users" Patches This feature was deprecated i...
CVE-2023-22578 Sequalize - Default support for “raw attributes” when using parentheses
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections...
CVE-2023-22578 Sequalize - Default support for “raw attributes” when using parentheses
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections...
CVE-2023-22578
CVE-2023-22578 affects the Sequelize JavaScript ORM. The issue is caused by improper attribute filtering, enabling a remote attacker to execute SQL injections via crafted queries that can view, add, modify, or delete data in the back-end database. Documented impacts in the IBM/Red Hat/OSS advisor...
CVE-2023-22578 Sequalize - Default support for “raw attributes” when using parentheses
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections...