CVE-2022-33171

CVE-2022-33171

** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor’s position is that the user’s application is responsible for input validation.

Source: CVE-2022-33171

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다