feathers-sequelize
npm
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting feathers-sequelize
- CVE-2022-2422 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 6.3.4 | 2022-10-26
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database when the feathers-sequelize package is used.
- CVE-2022-29822 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 6.3.4 | 2022-10-26
Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection.
- CVE-2022-29823 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 6.3.3 | 2022-10-26
The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in remote code execution (RCE) with the privileges of the application.