GHSA-r3vq-92c6-3mqf – @sequelize/core

Package

Manager: npm
Name: @sequelize/core
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of [GHSA-vqfx-gj96-3w95](https://github.com/advisories/GHSA-vqfx-gj96-3w95). This link is maintained to preserve external references. ## Original Description Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

Metadata

Created: 2023-02-16T15:30:28Z
Modified: 2023-04-28T22:06:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-r3vq-92c6-3mqf/GHSA-r3vq-92c6-3mqf.json
CWE IDs: ["CWE-843"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0