How severe is CVE-2022-29823?

CVE-2022-29823 has a CVSS v3 score of 10 (CRITICAL).

CVE-2022-29823

Name: feathers-sequelize
Author: feathersjs

10.0CRITICAL

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.

公開日: 10/26/2022更新日: 11/21/2024

説明

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.

AI分析AIによる分析

影響を受ける製品

feathersjsfeathers-sequelize

参照

https://csirt.divd.nl/CVE-2022-29823/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00020
Third Party Advisory
https://csirt.divd.nl/CVE-2022-29823/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00020
Third Party Advisory