Publish GHSA-w7q7-vjp8-7jv4

advisory-database[bot] · advisory-database[bot] · commit 7b353fe93aca · 2026-02-11T22:07:13.000Z
diff --git a/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json b/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json
@@ -1,12 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w7q7-vjp8-7jv4",
-  "modified": "2020-08-31T18:36:13Z",
+  "modified": "2026-02-11T22:05:23Z",
   "published": "2019-06-06T15:30:16Z",
   "aliases": [],
   "summary": "SQL Injection in typeorm",
   "details": "Versions of `typeorm` before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.\n\n\n## Recommendation\n\nUpgrade to version 0.1.15",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -37,6 +42,10 @@
       "type": "WEB",
       "url": "https://hackerone.com/reports/319458"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/typeorm/typeorm"
+    },
     {
       "type": "WEB",
       "url": "https://www.npmjs.com/advisories/800"
@@ -46,7 +55,7 @@
     "cwe_ids": [
       "CWE-89"
     ],
-    "severity": "HIGH",
+    "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2019-06-05T21:25:43Z",
     "nvd_published_at": null
