CVE-2022-33171

moderate-risk
Published 2022-07-04

The findOne function in TypeORM before 0.3.0 can be supplied with either a string or a FindOneOptions object. When the input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions object instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.

Do I need to act?

3.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 941b584ba135617e55d6685caef671172ec1dc03
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Typeorm

Affected Vendors

43 / 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal