GHSA-38cw-85xc-xr9x: Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests.
References
- github.com/advisories/GHSA-38cw-85xc-xr9x
- github.com/decentralized-identity/veramo
- github.com/decentralized-identity/veramo/commit/067e39dd76f11ee2d25b99c8361d4f02a4223e3b
- github.com/decentralized-identity/veramo/pull/1482
- github.com/decentralized-identity/veramo/releases/tag/v6.0.2
- github.com/decentralized-identity/veramo/security/advisories/GHSA-38cw-85xc-xr9x