Lucene search
+L

7 matches found

vulnersOsv
vulnersOsv
added 2023/02/24 6:48 p.m.5 views

@galenjs/framework-next (>=1.0.0 <=1.7.0), @galenjs/models (>=1.1.11 <=1.7.0) +4 more potentially affected by CVE-2023-22578 via @sequelize/core (=7.0.0-alpha.10)

@sequelize/core NPM version =7.0.0-alpha.10 is affected by a known vulnerability. The following packages have a transitive dependency on @sequelize/core and may be impacted: - @galenjs/framework-next =1.0.0, =1.1.11, =0.0.2, =0.0.2, =0.0.30, =0.1.0, =0.1.1 Source cves: CVE-2023-22578 Source...

10CVSS7.2AI score0.00831EPSS
Exploits0
OSV
OSV
added 2023/02/24 6:48 p.m.58 views

GHSA-F598-MFPV-GMFX Sequelize - Default support for “raw attributes” when using parentheses

Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ts User.findAll attributes: 'countid', 'count' ; Produced sql SELECT countid AS "count" FROM "users" Patches This feature was deprecated i...

10CVSS9.3AI score0.00831EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/02/24 6:48 p.m.97 views

Sequelize - Default support for “raw attributes” when using parentheses

Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ts User.findAll attributes: 'countid', 'count' ; Produced sql SELECT countid AS "count" FROM "users" Patches This feature was deprecated i...

10CVSS8.8AI score0.00831EPSS
Exploits0References9Affected Software2
Vulnrichment
Vulnrichment
added 2023/02/16 2:11 p.m.5 views

CVE-2023-22578 Sequalize - Default support for “raw attributes” when using parentheses

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections...

10CVSS7.2AI score0.00831EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/16 2:11 p.m.55 views

CVE-2023-22578 Sequalize - Default support for “raw attributes” when using parentheses

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections...

10CVSS9.8AI score0.00831EPSS
Exploits0References2
CVE
CVE
added 2023/02/16 2:11 p.m.141 views

CVE-2023-22578

CVE-2023-22578 affects the Sequelize JavaScript ORM. The issue is caused by improper attribute filtering, enabling a remote attacker to execute SQL injections via crafted queries that can view, add, modify, or delete data in the back-end database. Documented impacts in the IBM/Red Hat/OSS advisor...

10CVSS9.6AI score0.00831EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/16 2:11 p.m.43 views

CVE-2023-22578 Sequalize - Default support for “raw attributes” when using parentheses

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections...

10CVSS7.2AI score0.00831EPSS
Exploits0References4
Rows per page
Query Builder