
GHSA-r3vq-92c6-3mqf: Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions

CVSS Score (v3.1): 8.8

Basic Information

CVE ID: -
EPSS Score: -
Published: 2/16/2023
Updated: 4/28/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name    | Ecosystem | Vulnerable Versions | First Patched Version
@sequelize/core | npm       | < 7.0.0-alpha.20    | 7.0.0-alpha.20

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The advisory directly identifies `getWhereConditions` as the vulnerable function through its title and description. This function processes WHERE clause conditions in `Sequelize` queries. The type confusion (CWE-843) occurs when untrusted input passes through this function without proper validation, allowing attackers to inject query logic. While no patch code is shown, the withdrawn advisory's explicit reference to this function name and the CWE type confusion pattern strongly indicate that this is the primary vulnerable entry point to watch for runtime detection.
