13 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. Prototipo de contaminación en el repositorio de GitHub robinbuschmann/sequelize-typescript anterior a 2.1.6. • https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78 https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 4

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. • https://github.com/bde574786/Sequelize-1day-CVE-2023-25813 https://github.com/White-BAO/CVE-2023-25813 https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b https://github.com/sequelize/sequelize/issues/14519 https://github.com/sequelize/sequelize/releases/tag/v6.19.1 https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.9EPSS: 0%CPEs: 26EXPL: 0

Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. • https://csirt.divd.nl/CVE-2023-22579 https://csirt.divd.nl/DIVD-2022-00020 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. • https://csirt.divd.nl/CVE-2023-22578 https://csirt.divd.nl/DIVD-2022-00020 • CWE-790: Improper Filtering of Special Elements •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. Tiki Wiki CMS Groupware versions 24.0 and below suffers from a PHP object injection vulnerability in grid.php. • https://csirt.divd.nl/CVE-2023-22580 https://csirt.divd.nl/DIVD-2022-00020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •