CVE-2025-57749: TypeORM Tenant Isolation Bypass
greprules fetch cve-2025-57749-typeorm-tenant-isolation-bypass --engine opengrep

Description
Detected a TypeORM query using an OR condition (via an array in `find` or `orWhere` in QueryBuilder) between a static property and a user-related property. This pattern can cause authorization bypasses if the static property was meant to distinguish private or specific types of items but lacks a tenant/user restriction (such as mistakenly doing `type: 'perso
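
The OR semantics behind this pattern, as an added example (not the rule's or TypeORM's own code): a small in-memory model of find-options `where` matching, in which keys within one object are ANDed and array elements are ORed. The `Row` shape, the `kind` and `ownerId` fields, the sample rows and all function names are constructed for illustration.

```typescript
// In-memory stand-in for find-options `where` semantics (assumption: modelled here,
// not TypeORM itself): keys inside one object are ANDed, array elements are ORed.
type Row = { id: number; kind: string; ownerId: number };
type Where = Partial<Row> | Partial<Row>[];

// Constructed sample data: two tenants (ownerId 1 and 2).
const rows: Row[] = [
  { id: 1, kind: "note", ownerId: 1 },
  { id: 2, kind: "note", ownerId: 2 },
  { id: 3, kind: "task", ownerId: 1 },
  { id: 4, kind: "task", ownerId: 2 },
];

// Every key in a single where-object must match (AND).
function matches(row: Row, cond: Partial<Row>): boolean {
  return (Object.keys(cond) as (keyof Row)[]).every((k) => row[k] === cond[k]);
}

// Any branch of an array `where` may match (OR).
function find(where: Where): number[] {
  const branches = Array.isArray(where) ? where : [where];
  return rows.filter((r) => branches.some((b) => matches(r, b))).map((r) => r.id);
}

// Flagged pattern: a static property ORed with the user-related property.
// The static branch carries no tenant restriction.
function vulnerableWhere(userId: number): Where {
  return [{ kind: "note" }, { ownerId: userId }];
}

// Corrected form: every OR branch repeats the tenant restriction.
function scopedWhere(userId: number): Where {
  return [{ kind: "note", ownerId: userId }, { kind: "task", ownerId: userId }];
}

// Ids returned to `userId` that belong to another tenant.
function leakedIds(userId: number, where: Where): number[] {
  const owned = new Set(rows.filter((r) => r.ownerId === userId).map((r) => r.id));
  return find(where).filter((id) => !owned.has(id));
}
```

For user 1 the flagged form also returns row 2, which belongs to tenant 2; the scoped form returns only rows 1 and 3.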