SQL Injection

Overview drizzle-orm is a Drizzle ORM package for SQL databases Affected versions of this package are vulnerable to SQL Injection through the escapeName handling in the PostgreSQL, SQLite, and SingleStore dialects. An attacker can inject arbitrary SQL by supplying a malicious identifier to...

CVE-2026-39356 SQL Injection via escapeName() in all Drizzle ORM SQL dialects

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

drizzle-orm SQL注入漏洞

Drizzle-ORM is a lightweight, multi-database-supported TypeScript ORM project developed by the Drizzle Team. Versions of drizzle-orm prior to 0.45.2 and 1.0.0-beta.20 contain a SQL injection vulnerability. This vulnerability arises from the improper escaping of SQL identifiers in the escapeName...

Fedora 20 : ikiwiki-3.20140125-1.fc20 (2014-1747)

Update to the latest stable version. Changes in ikiwiki 3.20140125 : - inline: Allow overriding the title of the feed. Closes: http://bugs.debian.org/735123 Thanks, Christophe Rhodes - osm: Escape name parameter. Closes: http://bugs.debian.org/731797 Changes in ikiwiki 3.20140102 : - aggregate:...