CVE-2023-6293: 
JavaScript vulnerability analysis and mitigation

A prototype pollution vulnerability was identified in the GitHub repository robinbuschmann/sequelize-typescript affecting versions prior to 2.1.6. The vulnerability was discovered and disclosed on November 24, 2023, impacting the Node.js-based Sequelize TypeScript library (NVD, CVE).

The vulnerability is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes) and has received a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. An alternative assessment from huntr.dev assigned a CVSS 3.0 base score of 7.5 (HIGH) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could allow an attacker to modify object prototype attributes, potentially leading to high-impact compromises in integrity and availability of the affected system. The issue specifically relates to incorrect handling of object prototypes, which could expose the application to prototype pollution attacks (NVD).

A fix has been implemented in version 2.1.6 of sequelize-typescript. The patch prevents modification of object prototypes by explicitly denying modifications to 'proto', 'constructor', and 'prototype' properties (GitHub Patch).