
7 matches found

RedhatCVE
added 2026/01/09 10:53 a.m., 6 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

CVSS: 9.8, AI score: 7.7, EPSS: 0.20299
Exploits: 6, References: 1

Check Point Advisories
added 2022/11/02 12:0 a.m., 10 views

TypeORM FindOne Authentication Bypass (CVE-2022-33171)

An authentication bypass vulnerability exists in TypeORM FindOne. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

CVSS: 7.5, AI score: 6.2, EPSS: 0.20299
Exploits: 6

vulnersOsv
added 2022/07/05 12:0 a.m., 4 views

@5minlab/serverless-typeorm (=1.1.0), @abdelrahmannoaman-mdlabs/group-module (>=1.0.1 <=1.0.68) +2286 more potentially affected by CVE-2022-33171 via typeorm (>=0.0.10 <=0.3.0-rc.33)

typeorm NPM version =0.0.10, =1.0.1, =3.3.4, =1.0.1, =0.0.1, =0.9.3, =1.0.0, =1.1.126, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2022-33171 Source advisory: OSV:GHSA-FX4W-V43J-VC45...

CVSS: 9.8, AI score: 7.7, EPSS: 0.20299
Exploits: 6

Circl
added 2022/07/04 8:12 p.m., 6 views

CVE-2022-33171

| creationtimestamp | type | source |
|---|---|---|
| 2022-07-04 20:12:37+00:00 | seen | https://t.me/cibsecurity/45571 |
| 2025-12-08 15:00:08+00:00 | published-proof-of-concept | Telegram/LcY7eBFwAwyzwe0KaufIGSBHQfjWzlBSbPNDVNgDN2U1XQ... |

CVSS: 9.8, AI score: 8.7, EPSS: 0.20299
Exploits: 6, References: 1

OSV
added 2022/07/04 4:15 p.m., 6 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

CVSS: 9.8, AI score: 9.7
Exploits: 0, References: 4

CVE
added 2022/07/04 3:51 p.m., 146 views

CVE-2022-33171

TypeORM prior to 0.3.0 is affected by an SQL injection vulnerability in findOne/findOneOrFail when user-controlled JSON is passed as FindOneOptions instead of an id string. The vulnerability arises because a crafted FindOneOptions object can be interpreted as part of the SQL query, allowing attac...

CVSS: 9.8, AI score: 9.6, EPSS: 0.20299
Exploits: 6, References: 4, Affected Software: 1

Vulnrichment
added 2022/07/04 3:51 p.m., 17 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

AI score: 7.6, EPSS: 0.20299
Exploits: 6, References: 4