CVE-2022-33171

CRITICAL

TypeORM <0.3.0 - SQL Injection

Title source: llm

Description

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation

Exploits (1)

nomisec WORKING POC

by dajneem23 · poc

https://github.com/dajneem23/CVE-2022-33171

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Aug/7

[Release Notes, Third Party Advisory] https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2022/Jun/51

Scores

CVSS v3 9.8

EPSS 0.0320

EPSS Percentile 86.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (2)

typeorm/typeorm < 0.3.0

npm/typeorm < 0.3.0npm

Timeline

Published Jul 04, 2022

Tracked Since Feb 18, 2026