CVE-2023-6293 – Prototype Pollution in robinbuschmann/sequelize-typescript
https://notcve.org/view.php?id=CVE-2023-6293
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. • https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78 https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
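The CWE-1321 pattern behind this entry, as an added example that is not sequelize-typescript's own code and does not reproduce the specific defect fixed in the commit above: a recursive object merge that can be steered into Object.prototype by a key named "__proto__", beside a hardened merge that refuses prototype-reaching keys and only recurses into properties the target itself owns. The function names and the JSON payload are constructed for the demonstration.

```javascript
// Added example (not sequelize-typescript's code): a recursive merge that
// is vulnerable to prototype pollution, beside a hardened version.
// The payload below is constructed for the demonstration.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: walks into target[key] even when key is "__proto__", so
// target["__proto__"] resolves to Object.prototype and gets written to.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value) && isPlainObject(target[key])) {
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hardened: rejects prototype-reaching keys outright and only recurses into
// properties the target itself owns, never inherited ones.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to merge forbidden key "${key}"`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against the same attacker-shaped input (constructed here)
// and reports whether Object.prototype was polluted. The pollution is undone
// afterwards so the rest of the process is not affected.
function demonstrate() {
  // JSON.parse yields an *own* property literally named "__proto__".
  const payload = JSON.parse('{"name": "x", "__proto__": {"polluted": true}}');

  unsafeMerge({}, payload);
  const unsafePolluted = ({}).polluted === true;
  delete Object.prototype.polluted;

  let safeRejected = false;
  try {
    safeMerge({}, payload);
  } catch (e) {
    safeRejected = true;
  }
  const cleanAfterSafe = ({}).polluted === undefined;

  return { unsafePolluted, safeRejected, cleanAfterSafe };
}

console.log(demonstrate()); // { unsafePolluted: true, safeRejected: true, cleanAfterSafe: true }
```

The check that matters in review is the one in safeMerge: a key is dangerous by name before any value is looked at, and inherited properties of the target are never used as recursion targets. Throwing, rather than silently skipping, makes a poisoned request visible in logs.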
CVE-2023-25813 – SQL Injection via replacements in sequelize
https://notcve.org/view.php?id=CVE-2023-25813
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1, a SQL injection vulnerability exists in the handling of replacements: parameters passed through replacements are not properly escaped, which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1; users are advised to upgrade. • https://github.com/bde574786/Sequelize-1day-CVE-2023-25813 https://github.com/White-BAO/CVE-2023-25813 https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b https://github.com/sequelize/sequelize/issues/14519 https://github.com/sequelize/sequelize/releases/tag/v6.19.1 https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
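How text-substituted "replacements" go wrong, as an added example that is not Sequelize's code and does not claim to reproduce the library's internal fix: three variants of a named-placeholder substitution, one that splices raw values, one that escapes values but still rewrites placeholders that happen to sit inside an existing string literal, and a hardened single-pass version that only substitutes outside literals. The escaping routine, the query templates and the attacker value are constructed for the demonstration and follow MySQL-style quoting.

```javascript
// Added example (not Sequelize's code): named-placeholder "replacements"
// applied by plain text substitution, in three variants. Query templates
// and attacker values below are constructed for the demonstration.

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Minimal MySQL-style string literal escaping: backslash-escape ' and \,
// then wrap in single quotes. Finite numbers are emitted bare, null as NULL.
function escapeLiteral(value) {
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  if (value === null) return 'NULL';
  return "'" + String(value).replace(/[\\']/g, (c) => '\\' + c) + "'";
}

// Variant 1, unsafe: the raw value is spliced into the SQL text.
function unsafeReplacements(sql, replacements) {
  return sql.replace(/:(\w+)/g, (match, name) =>
    hasOwn(replacements, name) ? String(replacements[name]) : match);
}

// Variant 2, escaped but still naive: every ":name" token is substituted,
// including tokens inside an existing string literal, so text that was
// already part of a quoted value can be rewritten into new SQL.
function escapedReplacements(sql, replacements) {
  return sql.replace(/:(\w+)/g, (match, name) =>
    hasOwn(replacements, name) ? escapeLiteral(replacements[name]) : match);
}

// Variant 3, hardened: one left-to-right pass that tracks whether it is
// inside a single-quoted literal (handling \' and '' escapes) and only
// substitutes placeholders that appear outside a literal.
function safeReplacements(sql, replacements) {
  let out = '';
  let inLiteral = false;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (inLiteral) {
      out += ch;
      if (ch === '\\') {                 // backslash escape: copy next char verbatim
        i++;
        if (i < sql.length) out += sql[i];
      } else if (ch === "'") {
        if (sql[i + 1] === "'") {        // doubled quote stays inside the literal
          out += "'";
          i++;
        } else {
          inLiteral = false;
        }
      }
      continue;
    }
    if (ch === "'") {
      inLiteral = true;
      out += ch;
      continue;
    }
    if (ch === ':') {
      const m = /^:(\w+)/.exec(sql.slice(i));
      if (m && hasOwn(replacements, m[1])) {
        out += escapeLiteral(replacements[m[1]]);
        i += m[0].length - 1;
        continue;
      }
    }
    out += ch;
  }
  return out;
}

// Constructed inputs: a template and a value an attacker might send.
const TEMPLATE = 'SELECT * FROM users WHERE name = :name';
const INJECTION = "'admin' OR 1=1 -- ";
const LITERAL_TEMPLATE = "SELECT * FROM t WHERE note = 'fmt :name' AND owner = :name";

function demonstrate() {
  return {
    unsafe: unsafeReplacements(TEMPLATE, { name: INJECTION }),
    escaped: escapedReplacements(TEMPLATE, { name: INJECTION }),
    escapedInsideLiteral: escapedReplacements(LITERAL_TEMPLATE, { name: 'bob' }),
    safeInsideLiteral: safeReplacements(LITERAL_TEMPLATE, { name: 'bob' }),
  };
}

console.log(demonstrate());
```

The first two outputs show the difference escaping makes for a hostile value; the last two show why substitution must know where string literals are. The safest deployment still prefers driver-level bind parameters over any textual substitution, escaped or not.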
CVE-2023-22579 – Sequelize - Unsafe fall-through in getWhereConditions
https://notcve.org/view.php?id=CVE-2023-22579
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform an injection. • https://csirt.divd.nl/CVE-2023-22579 https://csirt.divd.nl/DIVD-2022-00020 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-22578 – Sequelize - Default support for “raw attributes” when using parentheses
https://notcve.org/view.php?id=CVE-2023-22578
Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injection. • https://csirt.divd.nl/CVE-2023-22578 https://csirt.divd.nl/DIVD-2022-00020 • CWE-790: Improper Filtering of Special Elements
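The bug class the title names, as an added example that is not Sequelize's code and does not reproduce the library's actual attribute handling: a SELECT-list builder in which a plain string attribute written in parentheses is emitted as raw SQL, beside a hardened builder that quotes every string as an identifier and only emits raw SQL the developer wrapped explicitly. The Literal class, the literal() helper, the table and column names and the attacker-controlled attribute list are all constructed for the demonstration.

```javascript
// Added example (not Sequelize's code): a SELECT-list builder modelled on
// "raw attributes when using parentheses", beside a hardened builder.
// Names and inputs are constructed for the demonstration.

class Literal {
  constructor(sql) { this.sql = sql; }
}
// Explicit opt-in for raw SQL fragments written by the developer.
function literal(sql) { return new Literal(sql); }

// Accept only simple identifiers, then quote them, so no caller-controlled
// string can become SQL syntax.
const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;
function quoteIdentifier(name) {
  if (typeof name !== 'string' || !IDENTIFIER.test(name)) {
    throw new Error(`invalid identifier: ${JSON.stringify(name)}`);
  }
  return '`' + name + '`';
}

// Vulnerable: a string beginning with "(" is trusted as a raw expression.
function unsafeAttribute(attr) {
  if (typeof attr === 'string' && attr.trim().startsWith('(')) return attr;
  return quoteIdentifier(attr);
}

// Hardened: strings are identifiers, raw SQL needs literal(), anything
// else (objects from JSON bodies, numbers, arrays) is rejected.
function safeAttribute(attr) {
  if (attr instanceof Literal) return attr.sql;
  if (typeof attr === 'string') return quoteIdentifier(attr);
  throw new TypeError(`attribute must be a column name or literal(): ${JSON.stringify(attr)}`);
}

function buildSelect(table, attributes, mapAttribute) {
  if (!Array.isArray(attributes) || attributes.length === 0) {
    throw new Error('attributes must be a non-empty array');
  }
  const columns = attributes.map(mapAttribute).join(', ');
  return `SELECT ${columns} FROM ${quoteIdentifier(table)}`;
}

// Attacker-controlled attribute list, e.g. parsed from a query string (constructed).
const ATTACKER_ATTRS = ['id', '(SELECT password FROM users LIMIT 1)'];

function demonstrate() {
  const vulnerable = buildSelect('posts', ATTACKER_ATTRS, unsafeAttribute);
  let hardenedRejected = false;
  try {
    buildSelect('posts', ATTACKER_ATTRS, safeAttribute);
  } catch (e) {
    hardenedRejected = true;
  }
  // Raw SQL is still possible, but only where the developer asked for it.
  const hardened = buildSelect('posts', ['id', literal('COUNT(*)')], safeAttribute);
  return { vulnerable, hardenedRejected, hardened };
}

console.log(demonstrate());
```

The design point is that the type of the value, not its content, decides whether it is treated as SQL: a string coming off the wire can never be promoted to raw SQL by the shape of its characters, and only a value the application code itself constructed with literal() is emitted verbatim.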
CVE-2023-22580 – Sequelize - Bad query filtering leading to SQL errors
https://notcve.org/view.php?id=CVE-2023-22580
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. • https://csirt.divd.nl/CVE-2023-22580 https://csirt.divd.nl/DIVD-2022-00020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor