CVE-2023-25813 - OpenCVE

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sequelizejs	Sequelize

Configuration 1 [-]

cpe:2.3:a:sequelizejs:sequelize:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b	Patch
https://github.com/sequelize/sequelize/issues/14519	Exploit Issue Tracking
https://github.com/sequelize/sequelize/releases/tag/v6.19.1	Release Notes
https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-22T18:14:44.579Z

Updated: 2023-02-22T18:14:44.579Z

Reserved: 2023-02-15T16:34:48.773Z

Link: CVE-2023-25813

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-02-22T19:15:11.777

Modified: 2023-03-03T02:04:19.600

Link: CVE-2023-25813

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25813", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-15T16:34:48.773Z", "datePublished": "2023-02-22T18:14:44.579Z", "dateUpdated": "2023-02-22T18:14:44.579Z"}, "containers": {"cna": {"title": "SQL Injection via replacements in sequelize", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw"}, {"name": "https://github.com/sequelize/sequelize/issues/14519", "tags": ["x_refsource_MISC"], "url": "https://github.com/sequelize/sequelize/issues/14519"}, {"name": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b", "tags": ["x_refsource_MISC"], "url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b"}, {"name": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1"}], "affected": [{"vendor": "sequelize", "product": "sequelize", "versions": [{"version": "< 6.19.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-22T18:14:44.579Z"}, "descriptions": [{"lang": "en", "value": "Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query."}], "source": {"advisory": "GHSA-wrh9-cjv3-2hpw", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sequelizejs:sequelize:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "17071F43-EBB2-4A3C-ACD4-8914666046E8", "versionEndExcluding": "6.19.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query."}], "id": "CVE-2023-25813", "lastModified": "2023-03-03T02:04:19.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-02-22T19:15:11.777", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/sequelize/sequelize/issues/14519"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}