How severe is CVE-2022-29823?

CVE-2022-29823 has a CVSS v3 score of 10 (CRITICAL).

CVE-2022-29823

Name: feathers-sequelize
Author: feathersjs

10.0CRITICAL

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.

发布于: 10/26/2022更新于: 11/21/2024

描述

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.

AI分析AI驱动

受影响产品

feathersjsfeathers-sequelize

参考资料

https://csirt.divd.nl/CVE-2022-29823/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00020
Third Party Advisory
https://csirt.divd.nl/CVE-2022-29823/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00020
Third Party Advisory