SQL Injection in Guichaguri Crud-query-parser
CVE-2025-32020
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter allows SQL injection. You are impacted by thi…
Vulnerability class: SQL Injection
EPSS: 0.003 (23.4th percentile)
Affected products
- Guichaguri Crud-query-parser — versions < 0.1.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)