Sequelize
CVE-2023-22578
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 20 npm packages depend on sequelize (13 direct, 7 indirect)
Ecosystem-wide dependent count for version 6.29.0.
DescriptionNVD
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.
AnalysisAI
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-790. Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. Affected products include: Sequelizejs Sequelize.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Sequelize is a Node.js ORM tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no auth
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not bei
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helpe
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL c
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. Rated high severity (C
SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclos
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. Rated high severity
Same weakness CWE-790 – Improper Filtering of Special Elements
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today