SQL Injection in Guichaguri Crud-query-parser

CVE-2025-32020

The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter allows SQL injection. You are impacted by thi…

Vulnerability class: SQL Injection

EPSS: 0.003 (23.4th percentile)

Affected products

Weakness classification (CWE)

References