{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T12:33:01.610","vulnerabilities":[{"cve":{"id":"CVE-2022-29823","sourceIdentifier":"csirt@divd.nl","published":"2022-10-26T10:15:16.190","lastModified":"2024-11-21T06:59:45.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application."},{"lang":"es","value":"El método cleanQuery de Feather-Sequalize usa una lógica recursiva no segura para filtrar las claves no soportadas del objeto de consulta. Esto resulta en una ejecución de código remota (RCE) con privilegios de la aplicación"}],"metrics":{"cvssMetricV31":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:feathersjs:feathers-sequelize:*:*:*:*:*:node.js:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.3.4","matchCriteriaId":"D774E13F-E66A-4F0B-9AE2-55671506913E"}]}]}],"references":[{"url":"https://csirt.divd.nl/CVE-2022-29823/","source":"csirt@divd.nl","tags":["Third Party Advisory"]},{"url":"https://csirt.divd.nl/DIVD-2022-00020","source":"csirt@divd.nl","tags":["Third Party Advisory"]},{"url":"https://csirt.divd.nl/CVE-2022-29823/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://csirt.divd.nl/DIVD-2022-00020","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}