18 matches found
EUVD-2022-7140
Malicious code in bioql PyPI...
CVE-2023-22580
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure...
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vqfx-gj96-3w95. This link is maintained to preserve external references. Original Description: Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection...
CVE-2023-22580
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure...
CVE-2023-22580
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure...
CVE-2023-22579 Sequelize - Unsafe fall-through in getWhereConditions
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection...
CVE-2023-22579 Sequelize - Unsafe fall-through in getWhereConditions
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection...
CVE-2023-22578 Sequelize - Default support for “raw attributes” when using parentheses
Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections...
CVE-2023-22578 Sequelize - Default support for “raw attributes” when using parentheses
Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections...
CVE-2023-22580 Sequelize - Bad query filtering leading to SQL errors
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure...
CVE-2023-22580 Sequelize - Bad query filtering leading to SQL errors
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure...
CVE-2023-22580
CVE-2023-22580 describes a vulnerability in the Sequelize JS library where improper input filtering can allow malicious queries to disclose sensitive information. The issue affects Sequelize (library/file level) and is associated with a confidentiality impact (per CVSS) without explicit exploit d...
CVE-2022-29823
Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application...
CVE-2022-29823
Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application...
Remote code execution
Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application...
CVE-2022-29823
Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application...
CVE-2022-29823 Feathers - Query “__proto__” is converted to real prototype
Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application...
CVE-2022-29823
Feather-Sequelize’s cleanQuery method is the affected component. The vulnerability stems from insecure recursive filtering of query keys, enabling Remote Code Execution with the application’s privileges. The CVE-2022-29823 entry is supported by multiple sources (e.g., GHSA/Veracode/CVE lists) des...