Security Advisory

CVE-2022-33171

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-04 15:51:49

Last updated 2024-08-03 08:01:20

Assigner mitre

State PUBLISHED

Description

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendors position is that the users application is responsible for input validation

← Browse all CVEs View on cve.org ↗