Lucene search
Veracode Vulnerability DatabaseVERACODE:37735HistoryNov 01, 2022 - 6:15 a.m.
SQL Injection
2022-11-0106:15:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
feathers-sequelize
sql injection
input validation
0.002 Low
EPSS
Percentile
55.3%
feathers-sequelize is vulnerable to SQL Injection attacks. A remote attacker is able to inject arbitrary queries through the $select attribute in _find() function due to improper input validations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| feathers-sequelize | le | 6.3.3 | |
| feathers-sequelize | le | 6.3.3 |
References
csirt.divd.nl/cases/DIVD-2022-00020
csirt.divd.nl/cases/DIVD-2022-00020/
csirt.divd.nl/CVE-2022-2422
csirt.divd.nl/cves/CVE-2022-2422
csirt.divd.nl/cves/CVE-2022-2422/
csirt.divd.nl/DIVD-2022-00020
github.com/feathersjs-ecosystem/feathers-sequelize/commit/0f2d85f0b2d556f2b6c70423dcebdbd29d95e3dc
github.com/feathersjs-ecosystem/feathers-sequelize/pull/393
Related
prion
prion
Sql injection
2022-10-26 10:15:00
nvd
nvd
CVE-2022-2422
2022-10-26 10:15:16
cve
cve
CVE-2022-2422
2022-10-26 10:15:16
osv
osv
CVE-2022-2422
2022-10-26 10:15:16
cvelist
cvelist
CVE-2022-2422 Feathers - SQL injection via attribute aliases
2022-10-25 00:00:00
github
github