CVE-2025-66402: Typeorm Insecure Relation Export
Eagerly loading data with relations via TypeORM's `find()` and directly exporting or serializing it might bypass access controls for the related entities. Use a QueryBuilder to apply authorization constraints on joins, or perform access checks within the loop before serialization or processing.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
TS
TSgreprules fetch cve-2025-66402-typeorm-insecure-relation-export --engine opengrepDescription
Eagerly loading data with relations via TypeORM's `find()` and directly exporting or serializing it might bypass access controls for the related entities. Use a QueryBuilder to apply authorization constraints on joins, or perform access checks within the loop before serialization or processing.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0