← Back

CVE-2023-22580

nvd nist
Published: Feb 16, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.

Affected (26)

Sequelizejs
1 product
Sequelize
Configuration A
26 vulnerable
Vulnerable SoftwareAffected Versions
Sequelizejs
Sequelize
Before 6.28.1
Sequelize
Version 7.0.0 alpha10
Sequelize
Version 7.0.0 alpha11
Sequelize
Version 7.0.0 alpha12
Sequelize
Version 7.0.0 alpha13
Sequelize
Version 7.0.0 alpha14
Sequelize
Version 7.0.0 alpha15
Sequelize
Version 7.0.0 alpha16
Sequelize
Version 7.0.0 alpha17
Sequelize
Version 7.0.0 alpha18
Sequelize
Version 7.0.0 alpha19
Sequelize
Version 7.0.0 alpha1
Sequelize
Version 7.0.0 alpha2.1
Sequelize
Version 7.0.0 alpha2.2
Sequelize
Version 7.0.0 alpha2
Sequelize
Version 7.0.0 alpha3
Sequelize
Version 7.0.0 alpha4
Sequelize
Version 7.0.0 alpha5
Sequelize
Version 7.0.0 alpha6
Sequelize
Version 7.0.0 alpha7
Sequelize
Version 7.0.0 alpha8
Sequelize
Version 7.0.0 alpha9
Sequelize
Version 7.0.0 oc_test_1
Sequelize
Version 7.0.0 oc_test_2
Sequelize
Version 7.0.0 oc_test_3
Sequelize
Version 7.0.0 oc_test_4

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: csirt@divd.nl
Third Party Advisory
Source: csirt@divd.nl
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.