Description
Versions of typeorm before 0.1.15 are vulnerable to SQL injection. Field names are not properly validated, allowing attackers to inject SQL statements and execute arbitrary SQL queries.
Recommendation
Update the typeorm package to the latest compatible version. Version details follow:
- Affected version(s): < 0.1.15
- Patched version(s): 0.1.15
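One way to check a project against the affected range above, as an added example that is not part of the advisory or the typeorm project: it scans a parsed package-lock.json for every copy of typeorm, including nested transitive ones, and reports those below 0.1.15. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the advisory): report typeorm copies in a parsed
// package-lock.json that fall in the affected range (< 0.1.15).
const PATCHED = [0, 1, 15];

// True when `version` is below 0.1.15. A prerelease of 0.1.15 sorts before
// the release, so it counts as affected; unparseable versions are flagged
// too so that they get a manual look.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return Boolean(m[4]);
}

// Returns [{ path, version }] for each affected copy. Handles lockfile v2/v3
// (flat "packages" map) and v1 (nested "dependencies" tree).
function findAffectedTypeorm(lock) {
  const seen = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/typeorm")) seen.set(path, meta.version);
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "typeorm" && !seen.has(path)) seen.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...seen].filter(([, v]) => isAffected(v))
    .map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile (v1 layout) with a nested, outdated copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    typeorm: { version: "0.1.15" },
    "legacy-api": {
      version: "2.0.0",
      dependencies: { typeorm: { version: "0.1.9" } },
    },
  },
};
console.log(findAffectedTypeorm(sampleLock));
```

The comparison is numeric per component, so 0.1.9 is correctly treated as older than 0.1.15, which a plain string comparison would get wrong.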
References
Related Issues
- counterpart vulnerable to prototype pollution - CVE-2025-57354
- Parse Server has an OAuth login vulnerability - CVE-2025-30168
- Use of Insufficiently Random Values in undici - CVE-2025-22150
- SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629
Tags:
- npm
- typeorm
Last updated on January 09, 2023