Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.
{
"cwe_ids": [
"CWE-200"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22580.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "v7.0.0-alpha.20"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "DIVD"
}{
"cpe": [
"cpe:2.3:a:sequelizejs:sequelize:*:*:*:*:*:node.js:*:*",
"cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha2.1:*:*:*:node.js:*:*",
"cpe:2.3:a:sequelizejs:sequelize:7.0.0:alpha2.2:*:*:*:node.js:*:*",
"cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_1:*:*:*:node.js:*:*",
"cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_2:*:*:*:node.js:*:*",
"cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_3:*:*:*:node.js:*:*",
"cpe:2.3:a:sequelizejs:sequelize:7.0.0:oc_test_4:*:*:*:node.js:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.28.1"
},
{
"introduced": "7.0.0-alpha2\\.1"
},
{
"last_affected": "7.0.0-alpha2\\.1"
},
{
"introduced": "7.0.0-alpha2\\.2"
},
{
"last_affected": "7.0.0-alpha2\\.2"
},
{
"introduced": "7.0.0-oc_test_1"
},
{
"last_affected": "7.0.0-oc_test_1"
},
{
"introduced": "7.0.0-oc_test_2"
},
{
"last_affected": "7.0.0-oc_test_2"
},
{
"introduced": "7.0.0-oc_test_3"
},
{
"last_affected": "7.0.0-oc_test_3"
},
{
"introduced": "7.0.0-oc_test_4"
},
{
"last_affected": "7.0.0-oc_test_4"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}