CRITICAL🇬🇧 English

CVE-2023-22579

CVSS 9.9v3.1pub. 2023-02-16upd. 2024-11-21

Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Sequelizejs Sequelize

    APP
    Sequelizejs
    7.0.0< 6.28.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-25813CRITICAL10.0ten sam produkt

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replace...

CVE-2023-22578CRITICAL10.0ten sam produkt

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.

CVE-2019-10749CRITICAL9.8ten sam produkt

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not bein...

CVE-2019-10748CRITICAL9.8ten sam produkt

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path ke...

CVE-2019-10752CRITICAL9.8ten sam produkt

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.js...