TypeORM vulnerable to MAID and Prototype Pollution

Severity:: High

Description

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

Recommendation

Update the typeorm package to the latest compatible version. Followings are version details:

Affected version(s): < 0.2.25
Patched version(s): 0.2.25

References

GHSA-pf2j-9qmp-jqr2
hackerone.com
CVE-2020-8158
CWE-1321
CWE-471
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

yargs-parser Vulnerable to Prototype Pollution - CVE-2020-7608
shvl vulnerable to prototype pollution - CVE-2020-28278
Prototype Pollution in mathjs - CVE-2020-7743
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - CVE-2026-2950

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; typeorm

Anything's wrong? Let us know Last updated on January 30, 2023