Description
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.
Recommendation
Update the typeorm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.2.25
- Patched version(s): 0.2.25
References
Related Issues
- shvl vulnerable to prototype pollution - CVE-2020-28278
- yargs-parser Vulnerable to Prototype Pollution - CVE-2020-7608
- node-gettext vulnerable to Prototype Pollution - CVE-2024-21528
- parse is vulnerable to prototype pollution - CVE-2025-57324
- Tags:
- npm
- typeorm
Anything's wrong? Let us know Last updated on January 30, 2023