Lucene search
+L

5 matches found

prion
prion
added 2022/07/04 4:15 p.m.21 views

Sql injection

DISPUTED The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position...

7.5CVSS9.6AI score0.20299EPSS
Exploits6References4Affected Software1
vulnrichment
vulnrichment
added 2022/07/04 3:51 p.m.17 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

7.6AI score0.20299EPSS
Exploits6References4
cvelist
cvelist
added 2022/07/04 3:51 p.m.49 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

10AI score0.20299EPSS
Exploits6References4
packetstorm
packetstorm
added 2022/07/01 12:0 a.m.869 views

TypeORM SQL Injection

typeorm CVE-2022-33171 findOneid, findOneOrFailid The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to S...

0.1AI score0.20299EPSS
Exploits6
ptsecurity
ptsecurity
added 2022/07/01 12:0 a.m.6 views

PT-2022-21720 · Typeorm · Typeorm

Name of the Vulnerable Software and Affected Versions: TypeORM versions prior to 0.3.0 Description: The findOne function in TypeORM can be supplied with either a string or a FindOneOptions object. When the input to the function is a user-controlled parsed JSON object, supplying a crafted...

9.8CVSS7.8AI score0.20299EPSS
Exploits6References16
Rows per page
Query Builder