Description
Due to improper input validation in the Feathers.js library, SQL injection against the back-end database is possible when the feathers-sequelize package is used.
Remediation
References
https://csirt.divd.nl/CVE-2022-2422
https://csirt.divd.nl/DIVD-2022-00020