{"id":"GHSA-8c25-f3mj-v6h8","summary":"Sequelize information disclosure vulnerability","details":"Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure.","aliases":["CVE-2023-22580"],"modified":"2023-11-08T04:11:37.096143Z","published":"2023-02-16T15:30:28Z","database_specific":{"severity":"MODERATE","nvd_published_at":"2023-02-16T15:15:00Z","github_reviewed":true,"github_reviewed_at":"2023-02-22T23:15:10Z","cwe_ids":["CWE-200"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22580"},{"type":"WEB","url":"https://github.com/sequelize/sequelize/pull/15375"},{"type":"WEB","url":"https://github.com/sequelize/sequelize/pull/15699"},{"type":"WEB","url":"https://csirt.divd.nl/CVE-2023-22580"},{"type":"WEB","url":"https://csirt.divd.nl/DIVD-2022-00020"},{"type":"PACKAGE","url":"https://github.com/sequelize/sequelize"},{"type":"WEB","url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1"},{"type":"WEB","url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"}],"affected":[{"package":{"name":"sequelize","ecosystem":"npm","purl":"pkg:npm/sequelize"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"6.28.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-8c25-f3mj-v6h8/GHSA-8c25-f3mj-v6h8.json"}},{"package":{"name":"@sequelize/core","ecosystem":"npm","purl":"pkg:npm/%40sequelize/core"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"7.0.0-alpha.20"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-8c25-f3mj-v6h8/GHSA-8c25-f3mj-v6h8.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}