Description
Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.
Recommendation
Update the typeorm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.1.15
- Patched version(s): 0.1.15
References
Related Issues
- FUXA SQL Injection vulnerability (GHSA-p46g-8c3q-89p2) - CVE-2023-31719
- LangChain serialization injection vulnerability enables secret extraction (GHSA-r399-636x-v7f6) - CVE-2025-68665
- Command Injection Vulnerability in systeminformation (GHSA-m57p-p67h-mq74) - CVE-2020-26274
- FUXA SQL Injection vulnerability - CVE-2023-31717
- Tags:
- npm
- typeorm
Anything's wrong? Let us know Last updated on January 09, 2023