CVE-2023-25813

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25813
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25813.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25813
Aliases
Published
2023-02-22T19:15:11Z
Modified
2024-05-14T12:45:53.671486Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1, a SQL injection vulnerability exists related to replacements. Parameters passed through replacements are not properly escaped, which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the replacements and the where option in the same query.

References

Affected packages

Git / github.com/sequelize/sequelize

Affected ranges

Type
GIT
Repo
https://github.com/sequelize/sequelize
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.2.0
0.2.1
0.2.3
0.2.4
0.2.5
0.2.6
0.3.0
0.4.0
0.4.1
0.4.2
0.4.3

1.*

1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.7.0-rc3

3.*

3.12.1
3.22.0
3.23.0

v1.*

v1.1.2
v1.1.3
v1.1.4
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4.0
v1.4.1
v1.5.0
v1.5.0-alpha
v1.5.0-beta
v1.5.0-beta-2
v1.5.1-alpha-1
v1.6.0
v1.6.0-alpha-1
v1.6.0-alpha-2
v1.6.0-alpha-3
v1.6.0-beta-1
v1.6.0-beta-2
v1.6.0-beta-3
v1.6.0-beta4
v1.7.0
v1.7.0-alpha1
v1.7.0-alpha2
v1.7.0-alpha3
v1.7.0-beta.0
v1.7.0-beta.1
v1.7.0-beta.2
v1.7.0-beta.3
v1.7.0-beta.3a
v1.7.0-beta.3b
v1.7.0-beta.4
v1.7.0-beta.4a
v1.7.0-beta.5
v1.7.0-beta6
v1.7.0-beta7
v1.7.0-beta8
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.0-rc6
v1.7.0-rc7
v1.7.0-rc8
v1.7.0-rc9

v2.*

v2.0.0
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-beta.0
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-beta.5
v2.0.0-beta.6
v2.0.0-beta.7
v2.0.0-beta.8
v2.0.0-dev1
v2.0.0-dev10
v2.0.0-dev11
v2.0.0-dev12
v2.0.0-dev13
v2.0.0-dev2
v2.0.0-dev3
v2.0.0-dev4
v2.0.0-dev5
v2.0.0-dev6
v2.0.0-dev7
v2.0.0-dev8
v2.0.0-dev9
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.0-rc5
v2.0.0-rc6
v2.0.0-rc7
v2.0.0-rc8
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.1
v2.1.2
v2.1.3

v3.*

v3.0.0
v3.0.1
v3.1.0
v3.1.1
v3.10.0
v3.12.0
v3.12.2
v3.13.0
v3.14.0
v3.14.2
v3.15.0
v3.15.1
v3.16.0
v3.17.0
v3.17.1
v3.17.2
v3.17.3
v3.18.0
v3.19.0
v3.19.1
v3.19.2
v3.19.3
v3.2.0
v3.20.0
v3.21.0
v3.23.0
v3.23.1
v3.23.2
v3.3.0
v3.3.1
v3.3.2
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.6.0
v3.7.0
v3.7.1
v3.8.0
v3.9.0

v4.*

v4.0.0
v4.0.0-0
v4.0.0-1
v4.0.0-2
v4.1.0
v4.10.0
v4.10.1
v4.10.2
v4.10.3
v4.11.0
v4.11.1
v4.11.2
v4.11.3
v4.11.4
v4.11.5
v4.11.6
v4.11.7
v4.12.0
v4.13.0
v4.13.1
v4.13.10
v4.13.11
v4.13.12
v4.13.13
v4.13.14
v4.13.15
v4.13.16
v4.13.17
v4.13.2
v4.13.3
v4.13.4
v4.13.5
v4.13.6
v4.13.7
v4.13.8
v4.13.9
v4.14.0
v4.15.0
v4.15.1
v4.15.2
v4.16.0
v4.16.1
v4.16.2
v4.17.0
v4.17.1
v4.17.2
v4.18.0
v4.19.0
v4.2.0
v4.2.1
v4.20.0
v4.20.1
v4.20.2
v4.20.3
v4.21.0
v4.22.0
v4.22.1
v4.22.10
v4.22.11
v4.22.12
v4.22.13
v4.22.14
v4.22.15
v4.22.16
v4.22.2
v4.22.3
v4.22.4
v4.22.5
v4.22.6
v4.22.7
v4.22.8
v4.22.9
v4.23.0
v4.23.1
v4.23.2
v4.23.3
v4.23.4
v4.24.0
v4.25.0
v4.25.1
v4.25.2
v4.26.0
v4.27.0
v4.28.0
v4.28.1
v4.28.2
v4.28.3
v4.28.4
v4.28.5
v4.28.6
v4.28.7
v4.28.8
v4.29.0
v4.29.1
v4.29.2
v4.29.3
v4.3.0
v4.3.1
v4.3.2
v4.30.0
v4.30.1
v4.30.2
v4.31.0
v4.31.1
v4.31.2
v4.32.0
v4.32.1
v4.32.2
v4.32.3
v4.32.4
v4.32.5
v4.32.6
v4.32.7
v4.33.0
v4.33.1
v4.33.2
v4.33.3
v4.33.4
v4.34.0
v4.34.1
v4.35.0
v4.35.1
v4.35.2
v4.35.3
v4.35.4
v4.35.5
v4.36.0
v4.36.1
v4.37.0
v4.37.1
v4.37.2
v4.37.3
v4.37.4
v4.4.0
v4.4.1
v4.4.10
v4.4.2
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.5.0
v4.6.0
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v4.9.0

v5.*

v5.0.0-beta
v5.0.0-beta.1
v5.0.0-beta.10
v5.0.0-beta.11
v5.0.0-beta.12
v5.0.0-beta.13
v5.0.0-beta.14
v5.0.0-beta.15
v5.0.0-beta.16
v5.0.0-beta.17
v5.0.0-beta.2
v5.0.0-beta.3
v5.0.0-beta.4
v5.0.0-beta.5
v5.0.0-beta.6
v5.0.0-beta.7
v5.0.0-beta.8
v5.0.0-beta.9
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.10.2
v5.10.3
v5.11.0
v5.12.0
v5.12.1
v5.12.2
v5.12.3
v5.13.0
v5.13.1
v5.14.0
v5.15.0
v5.15.1
v5.15.2
v5.16.0
v5.17.0
v5.17.1
v5.17.2
v5.18.0
v5.18.1
v5.18.2
v5.18.3
v5.18.4
v5.19.0
v5.19.1
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.2.0
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.20.0
v5.21.0
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.4.0
v5.5.0
v5.5.1
v5.6.0
v5.6.1
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.8.0
v5.8.1
v5.8.10
v5.8.11
v5.8.12
v5.8.2
v5.8.3
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9
v5.9.0
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v5.9.5

v6.*

v6.0.0-beta.2
v6.0.0-beta.3
v6.0.0-beta.4
v6.0.0-beta.5
v6.0.0-beta.6
v6.0.0-beta.7
v6.1.0
v6.1.1
v6.10.0
v6.11.0
v6.12.0
v6.12.0-alpha.1
v6.12.0-beta.1
v6.12.0-beta.2
v6.12.0-beta.3
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.13.0
v6.14.0
v6.14.1
v6.15.0
v6.15.1
v6.16.0
v6.16.1
v6.16.2
v6.16.3
v6.17.0
v6.18.0
v6.19.0
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.4.0
v6.5.0
v6.5.1
v6.6.0
v6.6.1
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.7.0
v6.8.0
v6.9.0