Description
A prototype pollution vulnerability in the TypeORM package before 0.2.25 may allow attackers to add or modify Object properties, which can lead to denial of service or SQL injection attacks.
Recommendation
Update the typeorm package to the latest compatible version. Version details:
- Affected version(s): < 0.2.25
- Patched version(s): 0.2.25
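One way to check a project against the range above: the following added example (not part of the original advisory or of TypeORM) scans a parsed package-lock.json for every installed copy of typeorm, including nested ones, and reports those below 0.2.25. The sample lockfile and the package name `example-orm-plugin` are constructed for illustration.

```javascript
// Added example: report typeorm installs below the patched 0.2.25 in a package-lock.json.
const PATCHED = [0, 2, 25]; // patched version stated in the advisory

function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.+)?$/.exec(String(version));
  if (!m) return true; // git URL, tag or missing version: flag for manual review
  const nums = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== PATCHED[i]) return nums[i] < PATCHED[i];
  }
  return Boolean(m[4]); // a prerelease of 0.2.25 sorts before 0.2.25, so flag it
}

function findTypeorm(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/typeorm' || path.endsWith('/node_modules/typeorm')) {
      hits.push({ path, version: meta.version });
    }
  }
  if (hits.length > 0) return hits;
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'typeorm') hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Returns the install paths whose typeorm version is in the affected range.
function auditLockfile(jsonText) {
  return findTypeorm(JSON.parse(jsonText)).filter((h) => isAffected(h.version));
}

// Constructed sample lockfile (not from a real project): one patched, one affected copy.
// "example-orm-plugin" is a hypothetical package name.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    'node_modules/typeorm': { version: '0.2.25' },
    'node_modules/example-orm-plugin/node_modules/typeorm': { version: '0.2.22' },
  },
});
console.log(auditLockfile(SAMPLE_LOCK));
```

A nested copy pulled in by another dependency stays in the affected range even when the top-level typeorm has been updated, which is why the scan covers every install path.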
References
Related Issues
- Command Injection in lodash (GHSA-35jh-r3h4-6jhm) - CVE-2021-23337
- Bootstrap Cross-Site Scripting (XSS) vulnerability - CVE-2024-6531
- Regular Expression Denial of Service in jsoneditor - CVE-2021-3822
- @intlify/shared Prototype Pollution vulnerability - CVE-2024-52810
- Tags: npm, typeorm
Last updated on January 30, 2023