fkie_cve-2023-22579
Vulnerability from fkie_nvd
Published
2023-02-16 15:15
Modified
2024-11-21 07:45
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| csirt@divd.nl | https://csirt.divd.nl/CVE-2023-22579 | Third Party Advisory | |
| csirt@divd.nl | https://csirt.divd.nl/DIVD-2022-00020/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://csirt.divd.nl/CVE-2023-22579 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://csirt.divd.nl/DIVD-2022-00020/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sequelizejs | sequelize | * | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 | |
| sequelizejs | sequelize | 7.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "C6D41099-F18E-4C0F-8EF9-6EE5E3828496",
"versionEndExcluding": "6.28.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "4179FE6A-3886-4FA1-B490-CBF6B7CE0B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha10:*:*:*:node.js:*:*",
"matchCriteriaId": "E16693FF-134A-41D1-986B-5FFA8E4986AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha11:*:*:*:node.js:*:*",
"matchCriteriaId": "FC165BC5-4E17-406B-BEFE-AF8FE179D251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha12:*:*:*:node.js:*:*",
"matchCriteriaId": "3DA8AD1D-10AD-4AE6-9D7D-C1F263E1A405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha13:*:*:*:node.js:*:*",
"matchCriteriaId": "E3819430-A940-4613-84AB-7D9976B44FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha14:*:*:*:node.js:*:*",
"matchCriteriaId": "78CC6DC8-E66F-4761-B094-A573D9040C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha15:*:*:*:node.js:*:*",
"matchCriteriaId": "AA275970-F6E9-4898-A1C4-070F51E9EDAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha16:*:*:*:node.js:*:*",
"matchCriteriaId": "5FDE1D82-C9AE-4648-B90A-05446ADE90BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha17:*:*:*:node.js:*:*",
"matchCriteriaId": "7C4849E3-51F0-4F96-B04F-734E965B6E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha18:*:*:*:node.js:*:*",
"matchCriteriaId": "D33B30B3-77B5-4726-A4F4-A87D16A96453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha19:*:*:*:node.js:*:*",
"matchCriteriaId": "08603865-D895-49F5-BE44-11572ADBD6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "84C4609A-DD50-40CB-B6F8-5EFB99D3A0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha2.1:*:*:*:node.js:*:*",
"matchCriteriaId": "06A56CCA-72DE-46A5-B3E1-06B16FEBF4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha2.2:*:*:*:node.js:*:*",
"matchCriteriaId": "433309DA-0220-4993-AF16-55BD8BB58AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "0DDF5574-DF93-4D64-8665-8F6F0DB64DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "6C2602C0-EA83-4C58-ADB5-54D997C7DC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "5A5A8ED4-8B8D-4EB2-8877-A44879676061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "3CFA85F4-2997-42F3-81D6-3646E8B2A9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha7:*:*:*:node.js:*:*",
"matchCriteriaId": "25D004E2-EEAC-4931-AECC-4BACE1B53DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha8:*:*:*:node.js:*:*",
"matchCriteriaId": "8F191D02-5ACE-45A8-8690-956E0E9692C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha9:*:*:*:node.js:*:*",
"matchCriteriaId": "7A482F6B-DF87-46E8-BFA4-FB78FB2508E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_1:*:*:*:node.js:*:*",
"matchCriteriaId": "16D9C410-E3C0-4D1C-B6C9-241E44815CA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_2:*:*:*:node.js:*:*",
"matchCriteriaId": "686AF958-F9CA-4E40-9F45-02178EDB14F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_3:*:*:*:node.js:*:*",
"matchCriteriaId": "BC7AA901-F475-4C79-ABFE-0D3CFE544AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_4:*:*:*:node.js:*:*",
"matchCriteriaId": "7E8293BE-2BAB-4B4F-9219-3DBA34F0EF0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to improper parameter filtering in the sequalize js library, can a attacker peform injection."
}
],
"id": "CVE-2023-22579",
"lastModified": "2024-11-21T07:45:00.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "csirt@divd.nl",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-16T15:15:18.460",
"references": [
{
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22579"
},
{
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00020/"
}
],
"sourceIdentifier": "csirt@divd.nl",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "csirt@divd.nl",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…