logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2022-33171

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-33171

Description:
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
Last updated date:
08/03/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
07/13/2022
Reference url to background

https://seclists.org/fulldisclosure/2022/Jun/51

Type:
exploit
Confidence:
HIGH
Date of publishing:
10/18/2022
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy