From abec18dfe16367f1be2ac8c20e5bfcb2c053a1eb Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Thu, 16 Apr 2026 12:44:51 +0000
Subject: [PATCH] fix(security): autofix NoSQL injection attack possible
---
routes/captcha.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/routes/captcha.ts b/routes/captcha.ts
index c5fc7a499ba..c1a194b6a7c 100644
--- a/routes/captcha.ts
+++ b/routes/captcha.ts
@@ -34,7 +34,7 @@ function captchas () {
 }
 
 captchas.verifyCaptcha = () => (req: Request, res: Response, next: NextFunction) => {
- CaptchaModel.findOne({ where: { captchaId: req.body.captchaId } }).then((captcha: Captcha | null) => {
+ CaptchaModel.findOne({ where: { captchaId: Number(req.body.captchaId) } }).then((captcha: Captcha | null) => {
 if ((captcha != null) && req.body.captcha === captcha.answer) {
 next()
 } else {
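Review bot: `Number(req.body.captchaId)` on the added line coerces rather than validates, so the lookup still runs on malformed input: `undefined` or a plain object becomes `NaN`, while `null`, `''` and `[]` become `0` and `[7]` becomes `7`. Check the result before querying, e.g. `const captchaId = Number(req.body.captchaId)` followed by `if (!Number.isSafeInteger(captchaId)) { /* fail the same way the else branch does */ }`, and pass `captchaId` into `where`; a `typeof` check for string or number first would also refuse arrays. How the ORM treats `NaN` in a `where` clause is not visible here, so it is worth confirming that it cannot end in an unhandled rejection, since no `.catch` appears in the hunk and the function body continues past it. The `{ where: … }` shape looks like a SQL ORM query rather than a NoSQL one, so a comment such as `// coerce to a number so an object-valued captchaId cannot act as a query operator` would record the actual reason for the cast.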