Vulnerability Details CVE-2022-33171
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2022/Aug/7
- https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0
- https://seclists.org/fulldisclosure/2022/Jun/51
- http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2022/Aug/7
- https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0
- https://seclists.org/fulldisclosure/2022/Jun/51
Products affected by CVE-2022-33171
-
cpe:2.3:a:typeorm:typeorm:0.0.10
-
cpe:2.3:a:typeorm:typeorm:0.0.11
-
cpe:2.3:a:typeorm:typeorm:0.0.2
-
cpe:2.3:a:typeorm:typeorm:0.0.3
-
cpe:2.3:a:typeorm:typeorm:0.0.4
-
cpe:2.3:a:typeorm:typeorm:0.0.5
-
cpe:2.3:a:typeorm:typeorm:0.0.6
-
cpe:2.3:a:typeorm:typeorm:0.0.7
-
cpe:2.3:a:typeorm:typeorm:0.0.8
-
cpe:2.3:a:typeorm:typeorm:0.0.9
-
cpe:2.3:a:typeorm:typeorm:0.1.0
-
cpe:2.3:a:typeorm:typeorm:0.1.1
-
cpe:2.3:a:typeorm:typeorm:0.1.10
-
cpe:2.3:a:typeorm:typeorm:0.1.12
-
cpe:2.3:a:typeorm:typeorm:0.1.13
-
cpe:2.3:a:typeorm:typeorm:0.1.14
-
cpe:2.3:a:typeorm:typeorm:0.1.15
-
cpe:2.3:a:typeorm:typeorm:0.1.16
-
cpe:2.3:a:typeorm:typeorm:0.1.17
-
cpe:2.3:a:typeorm:typeorm:0.1.18
-
cpe:2.3:a:typeorm:typeorm:0.1.19
-
cpe:2.3:a:typeorm:typeorm:0.1.2
-
cpe:2.3:a:typeorm:typeorm:0.1.3
-
cpe:2.3:a:typeorm:typeorm:0.1.4
-
cpe:2.3:a:typeorm:typeorm:0.1.5
-
cpe:2.3:a:typeorm:typeorm:0.1.6
-
cpe:2.3:a:typeorm:typeorm:0.1.7
-
cpe:2.3:a:typeorm:typeorm:0.1.8
-
cpe:2.3:a:typeorm:typeorm:0.1.9
-
cpe:2.3:a:typeorm:typeorm:0.2.0
-
cpe:2.3:a:typeorm:typeorm:0.2.1
-
cpe:2.3:a:typeorm:typeorm:0.2.10
-
cpe:2.3:a:typeorm:typeorm:0.2.11
-
cpe:2.3:a:typeorm:typeorm:0.2.12
-
cpe:2.3:a:typeorm:typeorm:0.2.13
-
cpe:2.3:a:typeorm:typeorm:0.2.14
-
cpe:2.3:a:typeorm:typeorm:0.2.15
-
cpe:2.3:a:typeorm:typeorm:0.2.16
-
cpe:2.3:a:typeorm:typeorm:0.2.17
-
cpe:2.3:a:typeorm:typeorm:0.2.18
-
cpe:2.3:a:typeorm:typeorm:0.2.19
-
cpe:2.3:a:typeorm:typeorm:0.2.2
-
cpe:2.3:a:typeorm:typeorm:0.2.20
-
cpe:2.3:a:typeorm:typeorm:0.2.21
-
cpe:2.3:a:typeorm:typeorm:0.2.22
-
cpe:2.3:a:typeorm:typeorm:0.2.23
-
cpe:2.3:a:typeorm:typeorm:0.2.24
-
cpe:2.3:a:typeorm:typeorm:0.2.25
-
cpe:2.3:a:typeorm:typeorm:0.2.26
-
cpe:2.3:a:typeorm:typeorm:0.2.3
-
cpe:2.3:a:typeorm:typeorm:0.2.4
-
cpe:2.3:a:typeorm:typeorm:0.2.5
-
cpe:2.3:a:typeorm:typeorm:0.2.6
-
cpe:2.3:a:typeorm:typeorm:0.2.7
-
cpe:2.3:a:typeorm:typeorm:0.2.8
-
cpe:2.3:a:typeorm:typeorm:0.2.9