GHSA-8mwq-mj73-qv68

Published: 16 Feb 2023
Source: github
Github: Reviewed
CVSS3: 10

Description

Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements

Duplicate advisory

This advisory has been withdrawn because it is a duplicate of GHSA-f598-mfpv-gmfx. This link is maintained to preserve external references.

Original Description

Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections. This issue can be mitigated by not accepting untrusted input.

Packages

Name: @sequelize/core (npm)
Affected versions: < 7.0.0-alpha.20
Fixed version: 7.0.0-alpha.20

Name: sequelize (npm)
Affected versions: <= 6.28.2
Fixed version: 6.29.0

CVSS3: 10 Critical

Defects: CWE-790
