While working on ever-gauzy project, I scanned the dependency manifest and found that it uses a vulnerable version of @mikro-orm/core. The scan revealed a SQL injection vulnerability where specially crafted objects can be interpreted as raw query fragments, potentially allowing attackers to inject malicious SQL if user input is not properly validated.
CVE Report
CVE Link
While working on ever-gauzy project, I scanned the dependency manifest and found that it uses a vulnerable version of
@mikro-orm/core. The scan revealed a SQL injection vulnerability where specially crafted objects can be interpreted as raw query fragments, potentially allowing attackers to inject malicious SQL if user input is not properly validated.CVE Report
CVE Link