CVE-2022-33171

CRITICAL LAB

TypeORM < 0.3.0 - SQL Injection via FindOneOptions Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-33171. PoCs published by open-flaw, dajneem23.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2022-33171, demonstrating SQL injection in TypeORM via crafted `FindOneOptions` objects. It includes a vulnerable app setup, exploit script, and Docker environment for testing.

Description

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation

Exploits (2)

nomisec WORKING POC
by open-flaw · poc
https://github.com/open-flaw/CVE-2022-33171

This repository contains a functional exploit PoC for CVE-2022-33171, demonstrating SQL injection in TypeORM via crafted `FindOneOptions` objects. It includes a vulnerable app setup, exploit script, and Docker environment for testing.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: TypeORM < 0.3.0
No auth needed
Prerequisites: PostgreSQL database · Node.js environment · TypeORM vulnerable version
devstral-2 · analyzed May 19, 2026 Full analysis →
nomisec WORKING POC
by dajneem23 · poc
https://github.com/dajneem23/CVE-2022-33171

This repository contains a functional exploit for CVE-2022-33171, demonstrating SQL injection in TypeORM via crafted `FindOneOptions` objects. It includes a vulnerable app setup, exploit script, and Docker environment for testing.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: TypeORM < 0.3.0
No auth needed
Prerequisites: PostgreSQL database · TypeORM vulnerable version · Network access to target
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2022/Jun/51
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/Aug/7
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html

Scores

CVSS v3 9.8
EPSS 0.0530
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull postgres:15-alpine

Details

CWE
CWE-89
Status published
Products (2)
npm/typeorm 0 - 0.3.0npm
typeorm/typeorm < 0.3.0
Published Jul 04, 2022
Tracked Since Feb 18, 2026