Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2023-22579

High

8.8/10

Summary

Due to Improper Parameter filtering in the sequalize js library, can an attacker perform injection. This issue affects sequelize versionsthrough 6.28.0, and 7.0.0-x through 7.0.0-alpha.9 and @sequelize/core versions through 7.0.0-alpha.19. This has the same fix as CVE-2023-22580.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References

Advisory
Advisory
Pull request
Release Note
Pull request

Advisory Timeline

Published Feb 16, 2023

Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2023-22579

Summary

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS