Количество 2
Количество 2
CVE-2022-33171
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
GHSA-fx4w-v43j-vc45
SQL injection in typeORM
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-33171 The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation | CVSS3: 9.8 | 6% Низкий | больше 3 лет назад |
| GHSA-fx4w-v43j-vc45 SQL injection in typeORM | CVSS3: 9.8 | 6% Низкий | больше 3 лет назад |
Уязвимостей на страницу