CVE-2022-2422: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

October 26, 2022 (updated January 2, 2024)

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.

References

csirt.divd.nl/cases/DIVD-2022-00020
csirt.divd.nl/cves/CVE-2022-2422
nvd.nist.gov/vuln/detail/CVE-2022-2422

Detect and mitigate CVE-2022-2422 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →