CVE-2022-33171
- Reference to the description:
- Description:
- The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
- Last updated date:
- 08/03/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/13/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/18/2022
- Reference url to background
http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html