Vulnerability Database

318,389

Total vulnerabilities in the database

SQL Injection in typeorm

Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.

Recommendation

Upgrade to version 0.1.15

Published: Jun 6, 2019
Updated: Apr 14, 2023
GHSA: GHSA-w7q7-vjp8-7jv4
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
typeorm	-	0.1.15

https://github.com/typeorm/typeorm/commit/d46c8b0e6c0db56bb5976a4917e9f67a43715111
https://hackerone.com/reports/319458
https://www.npmjs.com/advisories/800

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo