npm package
feathers-sequelize
pkg:npm/feathers-sequelize
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2422 | Cri | 10.0 | | >= 6.0.0, < 6.3.4 | 6.3.4 | Oct 26, 2022 | Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database when the feathers-sequelize package is used. |
| CVE-2022-29823 | Cri | 10.0 | | >= 6.0.0, < 6.3.3 | 6.3.3 | Oct 26, 2022 | The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in Remote Code Execution (RCE) with the privileges of the application. |
| CVE-2022-29822 | Cri | 10.0 | | >= 6.0.0, < 6.3.4 | 6.3.4 | Oct 26, 2022 | Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection. |