Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-2422
- https://csirt.divd.nl/cases/DIVD-2022-00020
- https://csirt.divd.nl/cves/CVE-2022-2422
- https://github.com/feathersjs-ecosystem/feathers-sequelize/commit/0f2d85f0b2d556f2b6c70423dcebdbd29d95e3dc
- https://csirt.divd.nl/CVE-2022-2422
- https://csirt.divd.nl/DIVD-2022-00020
- https://github.com/advisories/GHSA-qpv8-4pjq-qqh7