GMS-2019-144: SQL Injection in typeorm

June 6, 2019 (updated August 4, 2021)

Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.

Recommendation

Upgrade to version 0.1.15

References

github.com/advisories/GHSA-w7q7-vjp8-7jv4
github.com/typeorm/typeorm/commit/d46c8b0e6c0db56bb5976a4917e9f67a43715111
hackerone.com/reports/319458
www.npmjs.com/advisories/800

Detect and mitigate GMS-2019-144 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →