3 matches found
CVE-2022-29822
CVE-2022-29822 involves a SQL injection risk in Feathers Sequelize. Multiple connected sources describe a flaw in the Feathersjs/Feathers-Sequelize stack where improper parameter filtering (notably in the _find path of index.js) allows attacker-controlled input to influence SQL queries. The vulne...
CVE-2022-29823
Feather-Sequelize’s cleanQuery method is the affected component. The vulnerability stems from insecure recursive filtering of query keys, enabling Remote Code Execution with the application’s privileges. The CVE-2022-29823 entry is supported by multiple sources (e.g., GHSA/Veracode/CVE lists) des...
CVE-2022-2422
CVE-2022-2422 describes a SQL injection in Feathers.js when using feathers-sequelize, caused by improper input validation in the library. Reports from multiple sources (NVD, Veracode, GHSA, OSV, CVE list) indicate a high/critical impact with potential remote exploitation via standard network vect...