A attack against ORM to handle strings differently to trigger SQL injection. Make javascript handle types differently. Send a javascript object that the ORM treats as a different type to trigger injections
Prisma Filter Attack
{"email" : {"gte":""}}
JSON Injection
{"toString" : "admin"}
Email Edge Case
- If SMTP server is misconfigured, we can send two emails
a@x.com.b@y.com