Vulnerability Description
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typeorm | Typeorm | < 0.3.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-DisclosureExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Aug/7Mailing ListThird Party Advisory
- https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0Release NotesThird Party Advisory
- https://seclists.org/fulldisclosure/2022/Jun/51ExploitMailing ListThird Party Advisory
- http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-DisclosureExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Aug/7Mailing ListThird Party Advisory
- https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0Release NotesThird Party Advisory
- https://seclists.org/fulldisclosure/2022/Jun/51ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2022-33171?
CVE-2022-33171 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted Fi...
How severe is CVE-2022-33171?
CVE-2022-33171 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-33171?
Check the references section above for vendor advisories and patch information. Affected products include: Typeorm Typeorm.