453 matches found
Type Confusion
sequelize is vulnerable to Type Confusion. A remote attacker is able to inject malicious content due to improper parameter filtering, which results in type confusion, leading to code injection...
SQL Injection
sequelize is vulnerable to SQL Injection attacks. A specifically crafted attack statement through query-generator.js allows a malicious user to inject and execute arbitrary SQL queries on the target system due to improper attribute filtering...
@galenjs/framework-next (>=1.0.0 <=1.7.0), @galenjs/models (>=1.1.11 <=1.7.0) +4 more potentially affected by CVE-2023-22580 via @sequelize/core (=7.0.0-alpha.10)
@sequelize/core NPM version =7.0.0-alpha.10 is affected by a known vulnerability. The following packages have a transitive dependency on @sequelize/core and may be impacted: - @galenjs/framework-next =1.0.0, =1.1.11, =0.0.2, =0.0.2, =0.0.30, =0.1.0, =0.1.1 Source cves: CVE-2023-22580 Source...
12g (=0.0.27), 1st-project (=1.0.2) +2909 more potentially affected by CVE-2023-22580 via sequelize (>=1.0.2 <=6.28.0)
sequelize NPM version =1.0.2, =0.0.1, =0.0.2, =0.0.1, =1.2.3, =1.0.0, =0.5.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =2.0.1 - @aapokiiso/hsl-congestion-route-pattern-repository =1.0.0 and more Source cves: CVE-2023-22580 Source advisory: OSV:GHSA-8C25-F3MJ-V6H8...
Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements
Duplicate advisory This advisory has been withdrawn because it is a duplicate of GHSA-f598-mfpv-gmfx. This link is maintained to preserve external references. Original Description Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections. This issue ca...
Sequelize information disclosure vulnerability
Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure...
GHSA-R3VQ-92C6-3MQF Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqfx-gj96-3w95. This link is maintained to preserve external references. Original Description Due to improper parameter filtering in the sequelize js library, an attacker can perform injection...
GHSA-8C25-F3MJ-V6H8 Sequelize information disclosure vulnerability
Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure...
GHSA-8MWQ-MJ73-QV68 Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements
Duplicate advisory This advisory has been withdrawn because it is a duplicate of GHSA-f598-mfpv-gmfx. This link is maintained to preserve external references. Original Description Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections. This issue ca...
CVE-2023-22579
Due to improper parameter filtering in the sequelize js library, an attacker can perform injection...
CVE-2023-22578
Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections...
SQL injection
Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections...
Input validation
Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure...
CVE-2023-22579
CVE-2023-22579 concerns Sequelize (Node.js ORM). The related docs point to a type-confusion/unsafe fall-through in getWhereConditions that can bypass parameter filtering, enabling an attacker to execute arbitrary code under certain conditions. Affected component: Sequelize runtime; core issue is ...
CVE-2023-22578
CVE-2023-22578 affects the Sequelize JavaScript ORM. The issue is caused by improper attribute filtering, enabling a remote attacker to execute SQL injections via crafted queries that can view, add, modify, or delete data in the back-end database. Documented impacts in the IBM/Red Hat/OSS advisor...
PT-2023-18562 · Sequelize · Sequelize
Name of the Vulnerable Software and Affected Versions: Sequelize versions prior to 6.29.0 Sequelize versions prior to 7.0.0.alpha-20 Description: The issue is due to improper attribute filtering in the Sequelize JS library, allowing an attacker to perform SQL injections. This can be exploited whe...
feathers-sequelize security vulnerability
feathers-sequelize is a Feathers Ecosystem open source Feathers database adapter for Sequelize. Feathersjs-ecosystem/feathers-sequelize has a security vulnerability; the vulnerability stems from improper attribute filtering, and an attacker can use the vulnerability for SQL injection...
feathers-sequelize security vulnerability
feathers-sequelize is a Feathers Ecosystem open source Feathers database adapter for Sequelize. Feathers Ecosystem feathers-sequelize has a security vulnerability that stems from improper parameter filtering, which can be exploited by attackers for SQL injection...