453 matches found
PT-2023-18563 · Sequelize +1 · Sequelize +1
Name of the Vulnerable Software and Affected Versions: Sequelize versions prior to 6.28.1; Sequelize Core versions prior to 7.0.0.alpha-20. Description: The issue is due to improper parameter filtering in the Sequelize JS library, which can allow an attacker to perform injection. Providing an inval...
PT-2023-18565 · Sequelize · Sequelize
Name of the Vulnerable Software and Affected Versions: sequelize js library (affected versions not specified). Description: The issue is related to improper input filtering in the sequelize js library, which can lead to sensitive information disclosure when malicious queries are executed...
Prototype Pollution
feathers-sequelize is vulnerable to prototype pollution. The vulnerability exists in the cleanQuery method due to the use of insecure recursive logic to filter unsupported keys from the query object, which allows an attacker to inject malicious properties resulting in prototype pollution...
SQL Injection
feathers-sequelize is vulnerable to SQL Injection attacks. A remote attacker is able to inject arbitrary queries through the $select attribute in find function due to improper input validations...
SQL Injection
feathers-sequelize is vulnerable to SQL injection attacks. The vulnerability exists in the find function of index.js because the parameters are not properly filtered, which allows an attacker to inject and execute arbitrary SQL queries...
@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-29823 via feathers-sequelize (=6.3.2)
feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-29823 Source advisory: OSV:GHSA-P5M3-27VH-52J4...
@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-29822 via feathers-sequelize (=6.3.2)
feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-29822 Source advisory: OSV:GHSA-5HQ7-J5WQ-P227...
@xrengine/analytics (>=0.4.11 <=5.0.0-beta3), @xrengine/server-core (>=0.4.11 <=5.0.0-beta3) potentially affected by CVE-2022-2422 via feathers-sequelize (=6.3.2)
feathers-sequelize NPM version =6.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on feathers-sequelize and may be impacted: - @xrengine/analytics =0.4.11, =0.4.11, =5.0.0-beta3 Source cves: CVE-2022-2422 Source advisory: OSV:GHSA-QPV8-4PJQ-QQH7...
GHSA-QPV8-4PJQ-QQH7 feathers-sequelize contains improper input validation leading to SQL injection
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application...
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
feathers-sequelize is vulnerable to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection...
GHSA-P5M3-27VH-52J4 Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Feather-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application...
GHSA-5HQ7-J5WQ-P227 feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
feathers-sequelize is vulnerable to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection...
CVE-2022-2422
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...
SQL injection
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...
CVE-2022-2422
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...
CVE-2022-2422
CVE-2022-2422 describes a SQL injection in Feathers.js when using feathers-sequelize, caused by improper input validation in the library. Reports from multiple sources (NVD, Veracode, GHSA, OSV, CVE list) indicate a high/critical impact with potential remote exploitation via standard network vect...
PT-2022-16542 · Unknown · Feathers-Sequelize +1
Name of the Vulnerable Software and Affected Versions: Feathers js library (affected versions not specified). Description: The issue is related to improper input validation in the Feathers js library, which can lead to a SQL injection attack on the back-end database when the feathers-sequelize packa...
PT-2022-19855 · Unknown · Feathers-Sequelize
Name of the Vulnerable Software and Affected Versions: feathers-sequelize (affected versions not specified). Description: The issue is related to improper parameter filtering in the Feathers js library, which may lead to SQL injection. This could potentially allow attackers to inject malicious SQL...
PT-2022-19856 · Unknown · Feathers-Sequelize
Name of the Vulnerable Software and Affected Versions: Feather-Sequelize (affected versions not specified). Description: The cleanQuery method in Feather-Sequelize uses insecure recursive logic to filter unsupported keys from the query object, resulting in a Remote Code Execution (RCE) with privileges...