Description
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection.
Recommendation
Update the typeorm package to the latest compatible version. Version details:
- Affected version(s): < 0.3.0
- Patched version(s): 0.3.0
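A defence-in-depth check for the type confusion described above, as an added example that is not part of the advisory or of TypeORM's code: the id taken from parsed JSON is accepted only as a scalar before it reaches findOne. The names `parseEntityId`, `makeStubRepo` and `getUser`, the id format, and the stub repository are assumptions made for illustration.

```javascript
// Added example: strict id validation before calling findOne.
// parseEntityId, makeStubRepo and getUser are hypothetical names.

// Accept only a short token string or a non-negative safe integer.
// Objects, arrays, null, booleans and undefined are rejected.
function parseEntityId(input) {
  if (typeof input === "number" && Number.isSafeInteger(input) && input >= 0) {
    return String(input);
  }
  // Assumed id format for this example: 1-64 chars of [A-Za-z0-9_-].
  if (typeof input === "string" && /^[A-Za-z0-9_-]{1,64}$/.test(input)) {
    return input;
  }
  throw new TypeError("id must be a string or non-negative integer");
}

// Stand-in for a repository whose findOne accepts either a string or an
// options object, as the advisory describes for TypeORM before 0.3.0.
// It records the type of every argument it receives.
function makeStubRepo() {
  const calls = [];
  return {
    calls,
    async findOne(idOrOptions) {
      calls.push(typeof idOrOptions);
      return { id: idOrOptions };
    },
  };
}

// Handler logic: the body is parsed JSON, so body.id can be any JSON type.
async function getUser(repo, rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: "invalid JSON" };
  }
  try {
    const id = parseEntityId(body === null ? undefined : body.id);
    return { status: 200, user: await repo.findOne(id) };
  } catch (err) {
    if (err instanceof TypeError) return { status: 400, error: err.message };
    throw err;
  }
}
```

The check complements the upgrade to the patched version and does not replace it.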
References
- GHSA-fx4w-v43j-vc45
- seclists.org
- packetstormsecurity.com
- CVE-2022-33171
- CWE-89
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- TypeORM vulnerable to MAID and Prototype Pollution - CVE-2020-8158
- Code Injection in mquery - CVE-2020-35149
- Infinite loop in jpeg-js - CVE-2022-25851
- SQL Injection in typeorm (GHSA-w7q7-vjp8-7jv4) - Vulnerability
Tags
- npm
- typeorm
Last updated on March 21, 2024