How severe is CVE-2022-29823?

CVE-2022-29823 has a CVSS v3 score of 10 (CRITICAL).

CVE-2022-29823

Name: feathers-sequelize
Author: feathersjs

10.0CRITICAL

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.

Опубликовано: 10/26/2022Обновлено: 11/21/2024

Описание

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.

ИИ-АнализНа базе ИИ

Затронутые продукты

feathersjsfeathers-sequelize

Ссылки

https://csirt.divd.nl/CVE-2022-29823/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00020
Third Party Advisory
https://csirt.divd.nl/CVE-2022-29823/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00020
Third Party Advisory