CVE-2022-33171
SQL Injection vulnerability in typeorm (npm)


What is CVE-2022-33171 About?

This vulnerability in TypeORM allows for SQL injection when the `findOne` function receives a user-controlled parsed JSON object as input. It can lead to unauthorized data access, modification, or denial of service by manipulating database queries. Exploitation is relatively easy if input validation is insufficient.

Affected Software

typeorm <0.3.0

Technical Details

The findOne function in TypeORM before 0.3.0 is designed to accept either a string (for an ID) or a FindOneOptions object. The vulnerability arises when applications directly pass a user-controlled, parsed JSON object to this function without proper validation. An attacker can craft a JSON object that, when interpreted as a FindOneOptions object, embeds malicious SQL fragments into the underlying SQL query. For instance, by providing specific keys and values within the JSON that correspond to query options in FindOneOptions, the attacker can inject SQL operators or clauses (e.g., 'OR 1=1 --', 'UNION SELECT ...'), altering the query's logic or extracting unauthorized data.
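As an added defensive example (not TypeORM's own code and not part of this advisory): a guard that ensures only a validated primitive id, wrapped in an options object the application builds itself, ever reaches `findOne`, so a parsed JSON object from a request body can never be interpreted as FindOneOptions. The `repo` stand-in, the `kind` parameter and the id formats accepted are assumptions for illustration.

```javascript
// Added example, not TypeORM code. Before 0.3.0, findOne(x) treats a
// string/number x as an entity id but an object x as FindOneOptions, so
// JSON.parse(body).id passed straight through lets the caller choose the
// query options. Defence: validate the id, then build the options ourselves.

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Return a validated id or throw. Objects and arrays are rejected outright,
// so a parsed JSON object can never be mistaken for a FindOneOptions object.
// `kind` (assumption) selects the id format the schema uses.
function validateId(input, kind = "integer") {
  if (input === null || typeof input === "object") {
    throw new TypeError("id must be a primitive, not a parsed JSON object");
  }
  if (kind === "integer") {
    const s = String(input); // positive integer ids, no sign/leading zeros
    if (!/^[1-9][0-9]{0,15}$/.test(s)) throw new RangeError("invalid integer id");
    return Number(s);
  }
  if (kind === "uuid") {
    if (typeof input !== "string" || !UUID_RE.test(input)) throw new RangeError("invalid uuid");
    return input.toLowerCase();
  }
  throw new Error("unknown id kind");
}

// Build the options object in application code: where.id is a bound value,
// and no caller-supplied keys (where, order, join, ...) can leak into it.
function safeFindOneOptions(input, kind) {
  return { where: { id: validateId(input, kind) } };
}

// Vulnerable pattern: repo.findOne(JSON.parse(body).id) with no guard.
// Hardened handler: only the constructed options object reaches findOne.
// `repo` is a stand-in for a TypeORM repository (assumption).
function handleLookup(repo, rawBody, kind = "integer") {
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch { return { status: 400, error: "bad json" }; }
  try {
    return { status: 200, result: repo.findOne(safeFindOneOptions(parsed.id, kind)) };
  } catch (e) {
    return { status: 400, error: e.message };
  }
}
```

A fake repository that simply echoes the options it receives is enough to see which request bodies are rejected before any query is built.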

What is the Impact of CVE-2022-33171?

Successful exploitation may allow attackers to execute arbitrary SQL commands, leading to unauthorized access to, modification of, or deletion of sensitive database information.

What is the Exploitability of CVE-2022-33171?

Exploitation of this SQL Injection vulnerability is of low to moderate complexity, requiring knowledge of TypeORM's findOne function parameters and SQL injection techniques. No authentication is required if the vulnerable endpoint is accessible to unauthenticated users. No special privileges are needed on the database for the initial injection. The vulnerability can be exploited remotely if the application exposes an endpoint that processes user-controlled JSON input to the findOne function. The primary prerequisite is that the application does not validate or sanitize user-controlled JSON objects before passing them to findOne. The likelihood of exploitation increases significantly in applications interacting with databases where user input is directly mapped to query parameters.

What are the Known Public Exploits?

No known public exploits (PoC, author, link, or commentary) are listed for this CVE.

What are the Available Fixes for CVE-2022-33171?

Available Upgrade Options

  • typeorm
    • <0.3.0 → Upgrade to 0.3.0


Additional Resources

What are Similar Vulnerabilities to CVE-2022-33171?

Similar Vulnerabilities: CVE-2023-45811, CVE-2023-43640, CVE-2023-28825, CVE-2023-26466, CVE-2023-2550