CVE-2025-32020

Vulnerability Description

The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter, ordering is enabled and you have not set-up a property filter. This vulnerability is fixed in 0.1.0.

Related Weaknesses (CWE)

CWE-89

References

https://github.com/Guichaguri/crud-query-parser/security/advisories/GHSA-9r25-rp

FAQ

What is CVE-2025-32020?

CVE-2025-32020 is a documented vulnerability. The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows...

How severe is CVE-2025-32020?

CVSS scoring is not yet available for CVE-2025-32020. Check NVD for updates.

Is there a patch for CVE-2025-32020?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.