Description
Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.
Recommendation
Update the typeorm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.1.15
- Patched version(s): 0.1.15
References
Related Issues
- FUXA SQL Injection vulnerability (GHSA-p46g-8c3q-89p2) - CVE-2023-31719
- SQL injection in typeORM - CVE-2022-33171
- ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability - CVE-2024-39309
- @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defst - Vulnerability
- Tags:
- npm
- typeorm
Anything's wrong? Let us know Last updated on February 11, 2026