Sequelize
CVE-2023-22579
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 3 npm packages depend on sequelize (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 6.28.1.
DescriptionNVD
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
AnalysisAI
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Access of Resource Using Incompatible Type (Type Confusion) (CWE-843), which allows attackers to execute arbitrary code by exploiting type confusion in the application. Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. Affected products include: Sequelizejs Sequelize.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict type checking, use type-safe languages, validate object types before operations.
Sequelize is a Node.js ORM tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no auth
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not bei
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helpe
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL c
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. Rated critical sev
SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclos
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. Rated high severity
Same technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today