CVE-2026-42230: TypeORM Potential IDOR OR Condition

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | TS
greprules fetch cve-2026-42230-typeorm-potential-idor-or-condition --engine opengrep

Description

A TypeORM `where` array or `orWhere` statement includes a static condition alongside a user access parameter. This acts as an OR in SQL and might unintentionally expose all rows matching the static condition regardless of ownership boundaries.
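
The OR behaviour described above, as an added example that is not part of the rule or of TypeORM's code: a small in-memory model of `where` semantics, in which an object ANDs its fields and an array ORs its elements (an `orWhere` clause appends the same kind of OR branch). The `Doc` type, the column names, the sample rows and every function name are assumptions made for illustration.

```typescript
// Simplified model of TypeORM `where` semantics, constructed for illustration:
// an object ANDs its fields; an array ORs its elements.
type Doc = { id: number; ownerId: number; status: string };
type Cond = Partial<Doc>;
type Where = Cond | Cond[];

// Constructed sample rows: users 10 and 20 each own a draft and a published doc.
const docs: Doc[] = [
  { id: 1, ownerId: 10, status: "draft" },
  { id: 2, ownerId: 10, status: "published" },
  { id: 3, ownerId: 20, status: "draft" },
  { id: 4, ownerId: 20, status: "published" },
];

const branches = (where: Where): Cond[] => (Array.isArray(where) ? where : [where]);
const lit = (v: unknown): string => (typeof v === "string" ? `'${v}'` : String(v));

// Render the SQL WHERE clause that the modelled `where` value corresponds to.
function toSql(where: Where): string {
  return branches(where)
    .map((c) => "(" + (Object.keys(c) as (keyof Doc)[]).map((k) => `${k} = ${lit(c[k])}`).join(" AND ") + ")")
    .join(" OR ");
}

// Ids of rows matching any branch (OR) whose fields all match (AND).
function findIds(rows: Doc[], where: Where): number[] {
  return rows
    .filter((r) => branches(where).some((c) =>
      (Object.keys(c) as (keyof Doc)[]).every((k) => r[k] === c[k])))
    .map((r) => r.id);
}

// OR branches that do not constrain the ownership column at all.
function unscopedBranches(where: Where, accessKey: keyof Doc): Cond[] {
  return branches(where).filter((c) => !(accessKey in c));
}

// Flagged shape: the static condition is a sibling of the ownership condition.
const vulnerableWhere = (userId: number): Where => [{ ownerId: userId }, { status: "draft" }];
// Scoped shape: ownership and the static condition in one object (AND).
const scopedWhere = (userId: number): Where => ({ ownerId: userId, status: "draft" });
// If an OR is really needed, repeat the ownership condition in every branch.
const scopedOrWhere = (userId: number): Where => [
  { ownerId: userId, status: "draft" },
  { ownerId: userId, status: "published" },
];
```

For user 10, `findIds(docs, vulnerableWhere(10))` includes row 3, which is user 20's draft, while `scopedWhere(10)` returns only row 1; `unscopedBranches` points at the branch that lacks the ownership column.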