Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TypeORM SQL注入漏洞
Vulnerability Description
TypeORM(TypeORM)是一个优秀的 Node.js ORM 框架。该软件的目标是保持支持最新的 Javascript 特性;拥有以下功能:(1)提供表的一对一,多对一,一对多,多对多关系处理;(2)来帮助开发各种用户数据库的应用 - 不管是轻应用还是企业级的。可以实现(3)根据模型自动创建数据库表;(4)可以透明的插入/更新/删除数据库对象;(5)映射数据库 table 到 Javascript 对象,映射表列到 Javascript 对象属性。 TypeORM 0.3.0之前版本存在安全漏洞,
CVSS Information
N/A
Vulnerability Type
N/A