Skip to main content

Feathers Sequelize

3 CVEs product

Monthly

CVE-2022-2422 npm CRITICAL PATCH Act Now

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-29823 npm CRITICAL PATCH Act Now

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Prototype Pollution Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-29822 npm CRITICAL PATCH Act Now

Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
0.7%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Prototype Pollution Feathers Sequelize
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy