Sequelize information disclosure vulnerability · CVE-2023-22580 · GitHub Advisory Database · GitHub

Sequelize information disclosure vulnerability

Moderate severity GitHub Reviewed Published Feb 16, 2023 to the GitHub Advisory Database • Updated Feb 22, 2023

Package

@sequelize/core (npm)

Affected versions

< 7.0.0-alpha.20

Patched versions

7.0.0-alpha.20

sequelize (npm)

< 6.28.1

6.28.1

Description

Due to improper input filtering in the sequelize js library, can malicious queries lead to sensitive information disclosure.

References

Published by the National Vulnerability Database

Feb 16, 2023

Published to the GitHub Advisory Database Feb 16, 2023

Reviewed Feb 22, 2023

Last updated Feb 22, 2023

Severity

Moderate

5.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N