
16 matches found

Check Point Advisories
added 2022/11/02 12:00 a.m. · 9 views

TypeORM FindOne Authentication Bypass (CVE-2022-33171)

An authentication bypass vulnerability exists in TypeORM FindOne. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

CVSS 7.5 · AI score 6.2 · EPSS 0.05298
Exploits 6
Github Security Blog
added 2022/07/05 12:00 a.m. · 24 views

SQL injection in typeORM

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

CVSS 9.8 · AI score 8.1 · EPSS 0.05298
Exploits 6 · References 6 · Affected Software 1
Prion
added 2022/07/04 4:15 p.m. · 16 views

Sql injection

DISPUTED The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position...

CVSS 7.5 · AI score 9.6 · EPSS 0.05298
Exploits 6 · References 4 · Affected Software 1
Vulnrichment
added 2022/07/04 3:51 p.m. · 17 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

AI score 7.6 · EPSS 0.05298
Exploits 6 · References 4
Cvelist
added 2022/07/04 3:51 p.m. · 10 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

AI score 10 · EPSS 0.05298
Exploits 6 · References 4
CNNVD
added 2022/07/01 12:00 a.m. · 2 views

TypeORM SQL Injection Vulnerability

TypeORM TypeORM is an excellent Node.js ORM framework. The goal of the software is to maintain support for the latest Javascript features; with the following features: 1 to provide one-to-one, many-to-one, one-to-many, many-to-many relational processing of tables; 2 to help develop a variety of...

CVSS 9.8 · AI score 8.4 · EPSS 0.05298
Exploits 6 · References 7
Packet Storm
added 2022/07/01 12:00 a.m. · 841 views

TypeORM SQL Injection

typeorm CVE-2022-33171 findOneid, findOneOrFailid The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to S...

AI score 0.1 · EPSS 0.05298
Exploits 6
Positive Technologies
added 2022/07/01 12:00 a.m. · 3 views

PT-2022-21720 · Typeorm · Typeorm

Name of the Vulnerable Software and Affected Versions: TypeORM versions prior to 0.3.0 Description: The findOne function in TypeORM can be supplied with either a string or a FindOneOptions object. When the input to the function is a user-controlled parsed JSON object, supplying a crafted...

CVSS 9.8 · AI score 7.8 · EPSS 0.05298
Exploits 6 · References 16
OSV
added 2022/05/14 3:31 a.m. · 8 views

GHSA-4HX3-M8W5-G5QH yii2-redis Potential Remote code execution

Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...

CVSS 9.8 · AI score 9.8 · EPSS 0.00911
Exploits 0 · References 5
CNNVD
added 2020/12/23 12:00 a.m. · 2 views

Steedos Steedos-platform SQL Injection Vulnerability

Steedos Steedos-platform is a Javascript-based website builder for creating websites in a declarative way organized by Steedos China. A SQL injection vulnerability exists in Steedos Platform version 1.21.24 and prior versions, which stems from allowing NoSQL injection because...

CVSS 8.8 · AI score 7.3 · EPSS 0.00421
Exploits 1 · References 2
Github Security Blog
added 2019/02/18 11:54 p.m. · 21 views

SQL Injection in sequelize

Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll. Recommendation: Update to version 3.17.0 or later...

CVSS 9.8 · AI score 3.8 · EPSS 0.00486
Exploits 0 · References 4 · Affected Software 1
OSV
added 2019/02/18 11:54 p.m. · 21 views

GHSA-98PQ-PMW9-4GPM SQL Injection in sequelize

Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll. Recommendation: Update to version 3.17.0 or later...

CVSS 9.8 · AI score 9.9 · EPSS 0.00486
Exploits 0 · References 4
Prion
added 2018/03/21 6:29 p.m. · 9 views

Sql injection

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne or findAll call, unless a developer recognizes an undocumented need to sanitize array input...

CVSS 7.5 · AI score 8.7 · EPSS 0.0061
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2018/03/21 6:00 p.m. · 15 views

CVE-2018-7269

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne or findAll call, unless a developer recognizes an undocumented need to sanitize array input...

AI score 9.1 · EPSS 0.0061
Exploits 0 · References 1
Friends Of PHP
added 2018/03/20 2:00 p.m. · 13 views

Possibility of manipulated condition when unfiltered input is passed to `yii\elasticsearch\ActiveRecord::findOne()` and `::findAll()`

More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...

CVSS 8.1 · AI score 7.2 · EPSS 0.00853
Exploits 0 · Affected Software 1
Node.js
added 2016/05/05 9:50 p.m. · 25 views

Potential SQL Injection

Overview: Affected versions of sequelize are vulnerable to SQL Injection when user input is passed into findOne or into a statement such as where: "user input". Recommendation: Update to version 3.0.0 or later. Version 3.0.0 will introduce a number of breaking changes. Thankfully, the project autho...

CVSS 7.5 · AI score 3 · EPSS 0.00266
Exploits 0 · Affected Software 1