Description
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.
Recommendation
Update the typeorm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.2.25
- Patched version(s): 0.2.25
References
Related Issues
- TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update - CVE-2025-60542
- Angular (deprecated package) Cross-site Scripting - CVE-2022-25869
- Regular Expression Denial of Service in papaparse - CVE-2020-36649
- Bootstrap Cross-Site Scripting (XSS) vulnerability - CVE-2024-6531
- Tags:
- npm
- typeorm
Anything's wrong? Let us know Last updated on January 30, 2023