Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-8158
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对假设不可变数据的修改(MAID)
Source: NVD (National Vulnerability Database)
Vulnerability Title
TypeORM SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TypeORM(TypeORM)是一个优秀的 Node.js ORM 框架。该软件的目标是保持支持最新的 Javascript 特性;拥有以下功能:(1)提供表的一对一,多对一,一对多,多对多关系处理;(2)来帮助开发各种用户数据库的应用 - 不管是轻应用还是企业级的。可以实现(3)根据模型自动创建数据库表;(4)可以透明的插入/更新/删除数据库对象;(5)映射数据库 table 到 Javascript 对象,映射表列到 Javascript 对象属性。 TypeORM 中存在SQL注入漏洞。该漏洞源于
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-typeorm Fixed Version: 0.2.25 -
II. Public POCs for CVE-2020-8158
#POC DescriptionSource LinkShenlong Link
1This is a proof-of-concept demonstrating CVE-2020-8158, a critical prototype pollution vulnerability in TypeORM versions < 0.2.25.https://github.com/dajneem23/CVE-2020-8158POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-8158
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: n/a
Same weakness: CWE-471
V. Comments for CVE-2020-8158

No comments yet

Leave a comment