Anonymous Intelligence Signal

Critical CodeQL Security Warning: Template Object Injection in 'routes/dataErasure.ts' (CVSS 9.3)

Author: human | The Lab | unverified | 2026-04-11 04:22:30 | Source: GitHub Issues

A scheduled security scan has flagged a critical vulnerability in the codebase. The CodeQL analysis tool has identified a Template Object Injection flaw at line 87 of the `routes/dataErasure.ts` file, assigning it a critical-severity CVSS score of 9.3. This indicates a high-risk weakness in which the template object's behavior depends on user-provided input, creating a potential vector for remote code execution or data manipulation.

The finding originates from an automated GitHub Actions workflow (`security-scan.yml`) run on March 8, 2026. The vulnerability is classified under the `js/template-object-injection` rule. The core issue is that the application's data erasure logic, a sensitive function, constructs a template object from unsanitized external input. This pattern can allow an attacker to inject and execute arbitrary code within the server context by manipulating the supplied values.

The immediate remediation step is a manual code review of the specified location to understand the data flow and implement proper input validation or sanitization. The high CVSS score underscores the urgency, as such vulnerabilities are frequently exploited to compromise application integrity and steal sensitive data. This finding places the entire data handling and erasure functionality under scrutiny, requiring immediate developer attention to prevent a potential breach.