feathers-sequelize is vulnerable to SQL injection attacks. A remote attacker can inject arbitrary queries through the $select attribute in the _find() function due to improper input validation.
CPE

Name | Operator | Version |
---|---|---|
feathers-sequelize | le | 6.3.3 |
csirt.divd.nl/cases/DIVD-2022-00020
csirt.divd.nl/CVE-2022-2422
csirt.divd.nl/cves/CVE-2022-2422
csirt.divd.nl/DIVD-2022-00020
github.com/feathersjs-ecosystem/feathers-sequelize/commit/0f2d85f0b2d556f2b6c70423dcebdbd29d95e3dc
github.com/feathersjs-ecosystem/feathers-sequelize/pull/393