Improper Filtering of Special Elements in org.webjars.npm:sequelize

CVE-2023-22578

org.webjars.npm:sequelize
sequelize
@sequelize/core

High

9.8/10

Summary

Due to improper attribute filtering in the sequalize js library attacker can perform SQL injections. This issue affects sequelize versions prior to 6.29.0, and 7.0.0-x prior to 7.0.0-alpha.9 and @sequelize/core versions prior to 7.0.0-alpha.20

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-790 - Improper Filtering of Special Elements

The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

References

Advisory
Release Note
Pull request
Pull request
Advisory

Advisory Timeline

Published Feb 16, 2023

Improper Filtering of Special Elements in org.webjars.npm:sequelize

CVE-2023-22578

Summary

CWE-790 - Improper Filtering of Special Elements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS