18 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-7154

Malicious code in bioql PyPI...

10 CVSS · 9 AI score · 0.00281 EPSS
Exploits 0 · References 7

CNNVD
added 2023/02/16 12:0 a.m. · 0 views

feathers-sequelize security vulnerability

feathers-sequelize is an open source Feathers database adapter for Sequelize in the Feathers Ecosystem. Feathersjs-ecosystem/feathers-sequelize has a security vulnerability that stems from improper attribute filtering; an attacker can use the vulnerability for SQL injection...

10 CVSS · 8.5 AI score · 0.00179 EPSS
Exploits 0 · References 3

CNNVD
added 2023/02/16 12:0 a.m. · 1 view

feathers-sequelize security vulnerability

feathers-sequelize is an open source Feathers database adapter for Sequelize in the Feathers Ecosystem. Feathers Ecosystem feathers-sequelize has a security vulnerability that stems from improper parameter filtering, which can be exploited by attackers for SQL injection...

9.9 CVSS · 8.4 AI score · 0.004 EPSS
Exploits 0 · References 3

Veracode
added 2022/11/01 6:15 a.m. · 15 views

SQL Injection

feathers-sequelize is vulnerable to SQL Injection attacks. A remote attacker is able to inject arbitrary queries through the $select attribute in find function due to improper input validations...

10 CVSS · 9.7 AI score · 0.00281 EPSS
Exploits 0 · References 8 · Affected Software 1

Veracode
added 2022/11/01 6:12 a.m. · 13 views

SQL Injection

feathers-sequelize is vulnerable to SQL injection attacks. The vulnerability exists in the find function of index.js because the parameters are not properly filtered, which allows an attacker to inject and execute arbitrary SQL queries...

10 CVSS · 6.3 AI score · 0.00264 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2022/10/26 12:0 p.m. · 15 views

GHSA-5HQ7-J5WQ-P227 feathers-sequelize vulnerable to SQL injection due to improper parameter filtering

feathers-sequelize is vulnerable to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection...

9.8 CVSS · 9.8 AI score · 0.00264 EPSS
Exploits 0 · References 7

vulnersOsv
added 2022/10/26 12:0 p.m. · 2 views

@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-29823 via feathers-sequelize (=6.3.2)

feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-29823 Source advisory: OSV:GHSA-P5M3-27VH-52J4...

10 CVSS · 7.2 AI score · 0.03836 EPSS
Exploits 0

Github Security Blog
added 2022/10/26 12:0 p.m. · 97 views

feathers-sequelize vulnerable to SQL injection due to improper parameter filtering

feathers-sequelize is vulnerable to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection...

10 CVSS · 9.6 AI score · 0.00264 EPSS
Exploits 0 · References 7 · Affected Software 1

vulnersOsv
added 2022/10/26 12:0 p.m. · 0 views

@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-29822 via feathers-sequelize (=6.3.2)

feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-29822 Source advisory: OSV:GHSA-5HQ7-J5WQ-P227...

10 CVSS · 7.2 AI score · 0.00264 EPSS
Exploits 0

vulnersOsv
added 2022/10/26 12:0 p.m. · 2 views

@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-2422 via feathers-sequelize (=6.3.2)

feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-2422 Source advisory: OSV:GHSA-QPV8-4PJQ-QQH7...

10 CVSS · 7.2 AI score · 0.00281 EPSS
Exploits 0

OSV
added 2022/10/26 10:15 a.m. · 14 views

CVE-2022-2422

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...

9.8 CVSS · 9.8 AI score · 0.00281 EPSS
Exploits 0 · References 2

Prion
added 2022/10/26 10:15 a.m. · 16 views

Sql injection

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...

7.5 CVSS · 9.7 AI score · 0.00281 EPSS
Exploits 0 · References 2 · Affected Software 1

ATTACKERKB
added 2022/10/25 10:0 p.m. · 0 views

CVE-2022-2422

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...

10 CVSS · 5.9 AI score · 0.00281 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2022/10/25 12:0 a.m. · 2 views

PT-2022-19856 · Unknown · Feathers-Sequelize

Name of the Vulnerable Software and Affected Versions: Feather-Sequelize affected versions not specified Description: The cleanQuery method in Feather-Sequelize uses insecure recursive logic to filter unsupported keys from the query object, resulting in a Remote Code Execution RCE with privileges...

10 CVSS · 9.6 AI score · 0.03836 EPSS
Exploits 0 · References 9

CVE
added 2022/10/25 12:0 a.m. · 66 views

CVE-2022-2422

CVE-2022-2422 describes a SQL injection in Feathers.js when using feathers-sequelize, caused by improper input validation in the library. Reports from multiple sources (NVD, Veracode, GHSA, OSV, CVE list) indicate a high/critical impact with potential remote exploitation via standard network vect...

10 CVSS · 9.8 AI score · 0.00281 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/10/25 12:0 a.m. · 2 views

PT-2022-16542 · Unknown · Feathers-Sequelize +1

Name of the Vulnerable Software and Affected Versions: Feathers js library affected versions not specified Description: The issue is related to improper input validation in the Feathers js library, which can lead to a SQL injection attack on the back-end database when the feathers-sequelize packa...

10 CVSS · 9.5 AI score · 0.00281 EPSS
Exploits 0 · References 9

Positive Technologies
added 2022/10/25 12:0 a.m. · 3 views

PT-2022-19855 · Unknown · Feathers-Sequelize

Name of the Vulnerable Software and Affected Versions: feathers-sequelize affected versions not specified Description: The issue is related to improper parameter filtering in the Feathers js library, which may lead to SQL injection. This could potentially allow attackers to inject malicious SQL...

10 CVSS · 9.5 AI score · 0.00264 EPSS
Exploits 0 · References 9

Cvelist
added 2022/10/25 12:0 a.m. · 16 views

CVE-2022-2422 Feathers - SQL injection via attribute aliases

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...

10 CVSS · 10 AI score · 0.00281 EPSS
Exploits 0 · References 2