GHSA-w7q7-vjp8-7jv4

Source

https://github.com/advisories/GHSA-w7q7-vjp8-7jv4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w7q7-vjp8-7jv4

Published

2019-06-06T15:30:16Z

Modified

2026-02-11T22:17:32.138308Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

SQL Injection in typeorm

Details

Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.

Recommendation

Upgrade to version 0.1.15

Database specific

{
    "github_reviewed_at": "2019-06-05T21:25:43Z",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true
}

References

Affected packages

npm / typeorm

Package

Name: typeorm; View open source insights on deps.dev
Purl: pkg:npm/typeorm

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.15

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json"