Vulnerability — CVE-2022-33171

CVE-2022-33171

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-33171
Description:: ** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.
Last updated date:: 10/18/2022

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/13/2022
Reference url to background: https://seclists.org/fulldisclosure/2022/Jun/51

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/18/2022
Reference url to background: http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html