Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Typeorm
(Typeorm)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-07-04 | CVE-2022-33171 | The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation | Typeorm | 9.8 | ||
2020-09-18 | CVE-2020-8158 | Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. | Typeorm | 9.8 |