15 matches found

RedhatCVE
added 2026/03/26 3:7 p.m. · 1 view

CVE-2026-31865

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. __proto__. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 1
Cvelist
added 2026/03/18 2:50 a.m. · 24 views

CVE-2026-31865 Elysia Cookie Value Prototype Pollution

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. __proto__. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5 CVSS · 0.00022 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2026/03/18 2:50 a.m. · 1 view

CVE-2026-31865

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. __proto__. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2026/03/18 2:50 a.m. · 1 view

CVE-2026-31865 Elysia Cookie Value Prototype Pollution

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. __proto__. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 4
CVE
added 2026/03/18 2:50 a.m. · 7 views

CVE-2026-31865

CVE-2026-31865 affects the Elysia TypeScript framework prior to version 1.4.27, where a cookie value could be overridden via prototype pollution (__proto__). The issue is fixed in 1.4.27. Impact described as partial integrity impact with possible cookie manipulation; no exploitation details are prov...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2026/03/18 2:50 a.m. · 2 views

EUVD-2026-12749

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. __proto__. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/03/18 2:50 a.m. · 1 view

CVE-2026-31865 Elysia Cookie Value Prototype Pollution

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. __proto__. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 2
CNNVD
added 2026/03/18 12:0 a.m. · 3 views

elysia security vulnerability

Elysia is an open-source framework developed by Elysia. Versions of Elysia prior to 1.4.27 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that Elysia cookies could be contaminated by prototype pollution, which could lead to security issues...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 2
Github Security Blog
added 2026/03/17 4:17 p.m. · 4 views

Elysia Cookie Value Prototype Pollution

Impact: Elysia cookie can be overridden by prototype pollution, e.g. __proto__. Sending a cookie with the following name can override the cookie value: __proto__=%7B%22injected%22%3A%22polluted%22%7D
Patches: Patched by 1.4.27.
Workarounds: 1. Use t.Cookie validation to enforce validation value 2. Prevent iterab...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2026/03/17 4:17 p.m. · 0 views

GHSA-8HQ9-PHH3-P2WP Elysia Cookie Value Prototype Pollution

Impact: Elysia cookie can be overridden by prototype pollution, e.g. __proto__. Sending a cookie with the following name can override the cookie value: __proto__=%7B%22injected%22%3A%22polluted%22%7D
Patches: Patched by 1.4.27.
Workarounds: 1. Use t.Cookie validation to enforce validation value 2. Prevent iterab...

6.5 CVSS · 5.9 AI score · 0.00022 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/03/17 12:0 a.m. · 3 views

PT-2026-25974

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. __proto__. This issue is patched in 1.4.27. As a workaround, use t.Cookie validati...

6.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 10
RedhatCVE
added 2025/05/22 5:40 a.m. · 2 views

CVE-2010-4667

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3 CVSS · 6 AI score · 0.00249 EPSS
Exploits 0 · References 1
CNNVD
added 2022/06/24 12:0 a.m. · 0 views

HPE Cray Legacy Shasta authorization issue vulnerability

HPE Cray Legacy Shasta is a supercomputer from Wise and Technology HPE. It can handle the new large-scale convergent modeling that is currently available. A security vulnerability exists in the HPE Cray Legacy Shasta that can be remotely exploited by an attacker to allow bypassing authentication,...

9.8 CVSS · 8.2 AI score · 0.00691 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/06/24 12:0 a.m. · 2 views

PT-2022-19108 · Hewlett Packard · Hpe Cray Ex Supercomputers +2

Name of the Vulnerable Software and Affected Versions: HPE Cray Legacy Shasta System Solutions versions prior to node controller firmware associated with HPE Cray EX liquid cooled blades; HPE Slingshot versions prior to 1.7.2; HPE Cray EX supercomputers versions prior to 1.6.27/1.5.33/1.4.27...

9.8 CVSS · 9.5 AI score · 0.00691 EPSS
Exploits 0 · References 3
CVE
added 2011/06/14 5:0 p.m. · 38 views

CVE-2010-4667

CVE-2010-4667 affects Coppermine Photo Gallery (CPG) prior to version 1.4.27. The vulnerability is a Cross-site Scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The official description notes no specifics on vectors, and the connec...

4.3 CVSS · 5.8 AI score · 0.00249 EPSS
Exploits 0 · References 4 · Affected Software 1