Return to CVE list

CVE-2025-32020

0.0
Low

CVE-2025-32020

security-advisories@github.com
Awaiting Analysis
View on MITREFind on GitHub

Description

The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter, ordering is enabled and you have not set-up a property filter. This vulnerability is fixed in 0.1.0.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

security-advisories@github.com
https://github.com/Guichaguri/crud-query-parser/security/advisories/GHSA-9r25-rp3p-h2w4