The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| typeorm(npm) | 0 | 0.3.0 | N/A |
CVSS Metrics
