MikroORM is vulnerable to SQL Injection via specially crafted object

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6.10 and 7.0.6.

N/A

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

MikroORM SQL注入漏洞

MikroORM是MikroORM开源的一个支持多数据库的类型安全对象关系映射框架。 MikroORM 6.6.10之前版本和7.0.6之前版本存在SQL注入漏洞，该漏洞源于特制对象被解释为原始SQL查询片段，可能导致SQL注入攻击。

N/A

N/A