Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04bXdxLW1qNzMtcXY2OM4AAxqm
Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements
Duplicate advisory
This advisory has been withdrawn because it is a duplicate of GHSA-f598-mfpv-gmfx. This link is maintained to preserve external references.
Original Description
Due to improper attribute filtering in the sequelize js library, an attacker can peform SQL injections. This issue can be mitigated by not accepting untrusted input.
Permalink: https://github.com/advisories/GHSA-8mwq-mj73-qv68JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04bXdxLW1qNzMtcXY2OM4AAxqm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: about 1 year ago Widthdrawn: about 1 year ago
CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-8mwq-mj73-qv68
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-22578
- https://csirt.divd.nl/CVE-2023-22578
- https://csirt.divd.nl/DIVD-2022-00020/
- https://github.com/sequelize/sequelize/discussions/15694
- https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20
- https://github.com/advisories/GHSA-8mwq-mj73-qv68
Blast Radius: 52.9
Affected Packages
npm:sequelize
Dependent packages: 4,888Dependent repositories: 193,226
Downloads: 8,695,742 last month
Affected Version Ranges: <= 6.28.2
Fixed in: 6.29.0
All affected versions: 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.7.0, 3.7.1, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.12.2, 3.13.0, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.15.1, 3.16.0, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.18.0, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.20.0, 3.21.0, 3.22.0, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.23.4, 3.23.5, 3.23.6, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.24.4, 3.24.5, 3.24.6, 3.24.7, 3.24.8, 3.25.0, 3.25.1, 3.26.0, 3.27.0, 3.28.0, 3.29.0, 3.30.0, 3.30.1, 3.30.2, 3.30.3, 3.30.4, 3.31.0, 3.31.1, 3.31.2, 3.32.1, 3.33.0, 3.34.0, 3.35.0, 3.35.1, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.11.7, 4.12.0, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.13.4, 4.13.5, 4.13.6, 4.13.7, 4.13.8, 4.13.9, 4.13.10, 4.13.11, 4.13.12, 4.13.13, 4.13.14, 4.13.15, 4.13.16, 4.13.17, 4.14.0, 4.15.0, 4.15.1, 4.15.2, 4.16.0, 4.16.1, 4.16.2, 4.17.0, 4.17.1, 4.17.2, 4.18.0, 4.19.0, 4.20.0, 4.20.1, 4.20.2, 4.20.3, 4.21.0, 4.22.0, 4.22.1, 4.22.2, 4.22.3, 4.22.4, 4.22.5, 4.22.6, 4.22.7, 4.22.8, 4.22.9, 4.22.10, 4.22.11, 4.22.12, 4.22.13, 4.22.14, 4.22.15, 4.22.16, 4.23.0, 4.23.1, 4.23.2, 4.23.3, 4.23.4, 4.24.0, 4.25.0, 4.25.1, 4.25.2, 4.26.0, 4.27.0, 4.28.0, 4.28.1, 4.28.2, 4.28.3, 4.28.4, 4.28.5, 4.28.6, 4.28.7, 4.28.8, 4.29.0, 4.29.1, 4.29.2, 4.29.3, 4.30.0, 4.30.1, 4.30.2, 4.31.0, 4.31.1, 4.31.2, 4.32.0, 4.32.1, 4.32.2, 4.32.3, 4.32.4, 4.32.5, 4.32.6, 4.32.7, 4.33.0, 4.33.1, 4.33.2, 4.33.3, 4.33.4, 4.34.0, 4.34.1, 4.35.0, 4.35.1, 4.35.2, 4.35.3, 4.35.4, 4.35.5, 4.36.0, 4.36.1, 4.37.0, 4.37.1, 4.37.2, 4.37.3, 4.37.4, 4.37.5, 4.37.6, 4.37.7, 4.37.8, 4.37.9, 4.37.10, 4.38.0, 4.38.1, 4.39.0, 4.39.1, 4.40.0, 4.41.0, 4.41.1, 4.41.2, 4.42.0, 4.42.1, 4.43.0, 4.43.1, 4.43.2, 4.44.0, 4.44.1, 4.44.2, 4.44.3, 4.44.4, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.4.0, 5.5.0, 5.5.1, 5.6.0, 5.6.1, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6, 5.8.7, 5.8.8, 5.8.9, 5.8.10, 5.8.11, 5.8.12, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.10.0, 5.10.1, 5.10.2, 5.10.3, 5.11.0, 5.12.0, 5.12.1, 5.12.2, 5.12.3, 5.13.0, 5.13.1, 5.14.0, 5.15.0, 5.15.1, 5.15.2, 5.16.0, 5.17.0, 5.17.1, 5.17.2, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.18.4, 5.19.0, 5.19.1, 5.19.2, 5.19.3, 5.19.4, 5.19.5, 5.19.6, 5.19.7, 5.19.8, 5.20.0, 5.21.0, 5.21.1, 5.21.2, 5.21.3, 5.21.4, 5.21.5, 5.21.6, 5.21.7, 5.21.8, 5.21.9, 5.21.10, 5.21.11, 5.21.12, 5.21.13, 5.22.0, 5.22.1, 5.22.2, 5.22.3, 5.22.4, 5.22.5, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.4.0, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.4, 6.6.5, 6.7.0, 6.8.0, 6.9.0, 6.10.0, 6.11.0, 6.12.0, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.13.0, 6.14.0, 6.14.1, 6.15.0, 6.15.1, 6.16.0, 6.16.1, 6.16.2, 6.16.3, 6.17.0, 6.18.0, 6.19.0, 6.19.1, 6.19.2, 6.20.0, 6.20.1, 6.21.0, 6.21.1, 6.21.2, 6.21.3, 6.21.4, 6.21.5, 6.21.6, 6.22.0, 6.22.1, 6.23.0, 6.23.1, 6.23.2, 6.24.0, 6.25.0, 6.25.1, 6.25.2, 6.25.3, 6.25.4, 6.25.5, 6.25.6, 6.25.7, 6.25.8, 6.26.0, 6.27.0, 6.28.0, 6.28.1, 6.28.2
All unaffected versions: 6.29.0, 6.29.1, 6.29.2, 6.29.3, 6.30.0, 6.31.0, 6.31.1, 6.32.0, 6.32.1, 6.33.0, 6.34.0, 6.35.0, 6.35.1, 6.35.2, 6.36.0, 6.37.0, 6.37.1, 6.37.2, 6.37.3
npm:@sequelize/core
Dependent packages: 26Dependent repositories: 151
Downloads: 29,801 last month
Affected Version Ranges: < 7.0.0-alpha.20
Fixed in: 7.0.0-alpha.20
All affected versions: 7.0.0-alpha.10, 7.0.0-alpha.11, 7.0.0-alpha.12, 7.0.0-alpha.13, 7.0.0-alpha.14, 7.0.0-alpha.15, 7.0.0-alpha.16, 7.0.0-alpha.17, 7.0.0-alpha.18, 7.0.0-alpha.19
All unaffected versions: