Tag
MikroORM is vulnerable to SQL injection due to improper escaping in identifier-quoting and JSON-path emitters, enabling attackers to inject arbitrary SQL via manipulated strings passed to public ORM APIs, potentially leading to data leaks, modification, and privilege escalation.