CVE-2023-6293

Description

Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.

How to fix CVE-2023-6293

To remediate CVE-2023-6293, upgrade the affected package to a fixed version below.

• npm/sequelize-typescript—upgrade to 2.1.6 or later

Is CVE-2023-6293 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.1.6

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-6293
• PATCHgithub.com/robinbuschmann/sequelize-typescript
• WEBgithub.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78
• WEBhuntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2