Lucene search
Veracode Vulnerability DatabaseVERACODE:38123HistoryNov 20, 2022 - 11:38 a.m.
Prototype Pollution
2022-11-2011:38:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
feathers
sequelize
prototype pollution
cleanquery
recursive logic
query object
malicious properties
vulnerability
0.005 Low
EPSS
Percentile
77.4%
feathers-sequelize is vulnerable to prototype pollution. The vulnerability exists in the cleanQuery method due to the use of insecure recursive logic to filter unsupported keys from the query object, which allows an attacker to inject malicious properties resulting in prototype pollution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| feathers-sequelize | le | 6.3.2 | |
| feathers-sequelize | le | 6.3.2 |
Related
osv
osv
CVE-2022-29823
2022-10-26 10:15:16
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
2022-10-26 12:00:28
nvd
nvd
CVE-2022-29823
2022-10-26 10:15:16
prion
prion
Remote code execution
2022-10-26 10:15:00
cvelist
cvelist
CVE-2022-29823 Feathers - Query “__proto__” is converted to real prototype
2022-10-25 00:00:00
github
github
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
2022-10-26 12:00:28
cve
cve
CVE-2022-29823
2022-10-26 10:15:16