Access of Resource Using Incompatible Type ('Type Confusion') Affecting sequelize package, versions <6.28.1
Threat Intelligence
EPSS: 0.1% (41st percentile)
- Snyk ID SNYK-JS-SEQUELIZE-3324090
- published 17 Feb 2023
- disclosed 17 Feb 2023
- credit Unknown
Introduced: 17 Feb 2023
CVE-2023-22579
How to fix?
Upgrade sequelize to version 6.28.1 or higher.
Overview
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server.
Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') due to improper user-input sanitization, caused by an unsafe fall-through in GET WHERE conditions.
CVSS Scores
version 3.1