Rewterz Threat Alert – Chaos Ransomware – Active IOCs
February 23, 2023Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
February 24, 2023Rewterz Threat Alert – Chaos Ransomware – Active IOCs
February 23, 2023Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
February 24, 2023Severity
High
Analysis Summary
CVE-2023-25813
Node.js sequelize module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the where option using the lastName parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
Impact
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-25813
Affected Vendors
Node.js
Affected Products
- Node.js sequelize 6.17.0
- Node.js sequelize 6.18.0
- Node.js sequelize 6.19.0
Remediation
Refer to Node.js sequelize module GIT Repository for patch, upgrade or suggested workaround information.