CVE-2022-33171
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-33171
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TypeORM SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TypeORM(TypeORM)是一个优秀的 Node.js ORM 框架。该软件的目标是保持支持最新的 Javascript 特性;拥有以下功能:(1)提供表的一对一,多对一,一对多,多对多关系处理;(2)来帮助开发各种用户数据库的应用 - 不管是轻应用还是企业级的。可以实现(3)根据模型自动创建数据库表;(4)可以透明的插入/更新/删除数据库对象;(5)映射数据库 table 到 Javascript 对象,映射表列到 Javascript 对象属性。 TypeORM 0.3.0之前版本存在安全漏洞,
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2022-33171
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2022-33171: TypeORM SQL Injection Vulnerability | https://github.com/dajneem23/CVE-2022-33171 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-33171
请登录查看更多情报信息。
- https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0x_refsource_MISC
- https://seclists.org/fulldisclosure/2022/Jun/51x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-33171
Same Patch Batch · n/a · 2022-07-04 · 4 CVEs total
| CVE-2022-34918 | Linux kernel 安全漏洞 | |
| CVE-2022-34829 | ZOHO ManageEngine ADSelfService Plus 输入验证错误漏洞 | |
| CVE-2022-34265 | Django SQL注入漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2022-33171
No comments yet