CVE-2023-22578— Sequalize - Default support for “raw attributes” when using parentheses
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-22578
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sequalize - Default support for “raw attributes” when using parentheses
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
特殊元素过滤不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
feathers-sequelize 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
feathers-sequelize是Feathers Ecosystem开源的一个用于 Sequelize 的 Feathers 数据库适配器。 feathersjs-ecosystem/feathers-sequelize存在安全漏洞,该漏洞源于属性过滤不当,攻击者利用该漏洞可以进行SQL注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Feathers-Sequalize | Sequelize.js | <v7.0.0-alpha.20 | - |
II. Public POCs for CVE-2023-22578
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-22578
请登录查看更多情报信息。
- https://csirt.divd.nl/CVE-2023-22578third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-22578
Same Patch Batch · Feathers-Sequalize · 2023-02-16 · 3 CVEs total
| CVE-2023-22579 | 9.9 CRITICAL | Sequalize - Unsafe fall-through in getWhereConditions |
| CVE-2023-22580 | 5.3 MEDIUM | Sequalize - Bad query filtering leading to SQL errors |
IV. Related Vulnerabilities
Same weakness: CWE-790
- CVE-2026-2328
Backend Access Due to Insufficient Input Validation - CVE-2025-27260
Ericsson Indoor Connect 8855 - Improper Filtering of Special - CVE-2025-0431
Enterprise Protection Backslash URL Rewrite Bypass - CVE-2024-47984
Dell RecoverPoint for Virtual Machines 安全漏洞 - CVE-2024-42416
Multiple issues in ctl(4) CAM Target Layer
V. Comments for CVE-2023-22578
No comments yet