@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +59 more potentially affected by CVE-2025-66457 via elysia (>=1.0.13 <=1.4.16)
elysia NPM version =1.0.13, =0.0.1, =0.1.0, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.0, =1.0.0-next.4, =1.0.0, =0.0.1, =1.0.3, =1.1.0, =1.1.2 - @fangorn-network/fetch =2026.4.0-9.dev and more; Source CVEs: CVE-2025-66457; Source advisory: SNYK:JS-ELYSIA-14287466...
CVE-2025-66457
CVE-2025-66457 affects Elysia (TypeScript framework). Vulnerability: when dynamic cookies are enabled and a cookie schema exists, the cookie config can be injected into compiled routes without sanitisation, enabling Arbitrary Code Injection. Root cause: unsanitized dynamic cookie configuration in...
@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +117 more potentially affected by CVE-2025-66456 +1 more via elysia (>=0.1.2 <=1.4.17)
elysia NPM version =0.1.2, =0.0.1, =0.0.1, =0.0.7, =0.0.1-0, =0.0.1, =0.0.3, =0.0.1, =0.1.0, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.0, =1.0.0-next.4, =1.0.0-next.6 and more; Source CVEs: CVE-2025-66456, CVE-2025-66457; Source advisory: OSV:GHSA-8VCH-M3F4-Q8JF...
@dockstat/plugin-builder (>=1.0.3 <=1.0.8), @dockstat/typings (>=1.1.0 <=1.1.2) +8 more potentially affected by CVE-2025-66456 +1 more via elysia (>=1.4.11 <=1.4.16)
elysia NPM version =1.4.11, =1.0.3, =1.1.0, =0.1.29, =0.0.21-alpha.3, =2.0.0, =1.2.11, =0.0.1, =0.1.0, =0.6.0 - nautika-types =1.6.0; Source CVEs: CVE-2025-66456, CVE-2025-66457; Source advisory: OSV:GHSA-HXJ9-33PP-J2CC...