CVE-2022-29823

Summary

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.

Affected Software

VendorProductVersion RangeStatus
Feather jsFeathers-Sequalize6.x < 6.3.4affected

Weaknesses

  • CWE-1321: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ("Prototype Pollution")

ADP Enrichment

CVE Program Container

Additional References

References