Lucene search
K

75 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-56669

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...

7.5CVSS0.00358EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-56669 Elysia: Inefficient Algorithmic Complexity and Interpretation Conflict

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...

7.5CVSS0.00358EPSS
Exploits0References4
CVE
CVE
added 6 days ago9 views

CVE-2026-56669

Elysia (a TypeScript framework for request validation, type inference, OpenAPI docs, and client-server communication) contains a vulnerability (CVE-2026-56669) caused by using getAll in form data normalization for multipart/form-data endpoints prior to 1.4.29. This leads to quadratic growth in wo...

7.5CVSS6AI score0.00358EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-31865

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-30837

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References1
NVD
NVD
added 2026/03/18 4:17 a.m.6 views

CVE-2026-31865

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5CVSS0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 2:50 a.m.29 views

CVE-2026-31865 Elysia Cookie Value Prototype Pollution

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5CVSS0.00232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 2:50 a.m.3 views

CVE-2026-31865

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/18 2:50 a.m.19 views

CVE-2026-31865

CVE-2026-31865 affects the Elysia TypeScript framework prior to version 1.4.27, where a cookie value could be overridden via prototype pollution (proto ). The issue is fixed in 1.4.27. Impact described as partial integrity impact with possible cookie manipulation; no exploitation details are prov...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 2:50 a.m.2 views

CVE-2026-31865 Elysia Cookie Value Prototype Pollution

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 2:50 a.m.4 views

CVE-2026-31865 Elysia Cookie Value Prototype Pollution

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

elysia 安全漏洞

Elysia is an open-source framework developed by Elysia. Versions of Elysia prior to 1.4.27 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that Elysia cookies could be contaminated by prototype pollution, which could lead to security issues...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/17 4:17 p.m.13 views

@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +66 more potentially affected by CVE-2026-31865 via elysia (>=1.0.13 <=1.4.26)

elysia NPM version =1.0.13, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.0, =1.0.0-next.4, =1.0.0, =0.0.1, =1.0.3, =1.0.8 and more Source cves: CVE-2026-31865 Source advisory: SNYK:JS-ELYSIA-15680180...

6.5CVSS5.8AI score0.00232EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/17 4:17 p.m.7 views

@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +124 more potentially affected by CVE-2026-31865 via elysia (>=0.1.2 <=1.4.26)

elysia NPM version =0.1.2, =0.0.1, =0.0.1, =0.0.7, =0.0.1-0, =0.0.1, =0.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =1.6.1-canary.0 and more Source cves: CVE-2026-31865 Source advisory: OSV:GHSA-8HQ9-PHH3-P2WP...

6.5CVSS5.8AI score0.00232EPSS
Exploits0
Snyk
Snyk
added 2026/03/17 4:17 p.m.5 views

Prototype Pollution

Overview elysia is an Ergonomic Framework for Human Affected versions of this package are vulnerable to Prototype Pollution in the Cookie class. An attacker can manipulate application behavior by overriding cookie names with proto. PoC proto=%7B%22injected%22%3A%22polluted%22%7D Details Prototype...

6.9CVSS6.6AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/03/17 4:17 p.m.2 views

GHSA-8HQ9-PHH3-P2WP Elysia Cookie Value Prototype Pollution

Impact Elysia cookie can be overridden by prototype pollution , eg. proto Sending cookie with the follows name can override cookie value: bash proto=%7B%22injected%22%3A%22polluted%22%7D Patches Patched by 1.4.27 Workarounds 1. Use t.Cookie validation to enforce validation value 2. Prevent iterab...

6.5CVSS5.9AI score0.00232EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.9 views

PT-2026-25974

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto . This issue is patched in 1.4.27. As a workaround, use t.Cookie validati...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References10
NVD
NVD
added 2026/03/10 9:16 p.m.11 views

CVE-2026-30837

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS0.00494EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/10 9:4 p.m.6 views

@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +64 more potentially affected by CVE-2026-30837 via elysia (>=1.0.13 <=1.4.22)

elysia NPM version =1.0.13, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.0, =1.0.0-next.4, =1.0.0, =0.0.1, =1.0.3, =1.0.8 and more Source cves: CVE-2026-30837 Source advisory: SNYK:JS-ELYSIA-15469934...

7.5CVSS5.8AI score0.00494EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/10 9:4 p.m.9 views

@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +122 more potentially affected by CVE-2026-30837 via elysia (>=0.1.2 <=1.4.22)

elysia NPM version =0.1.2, =0.0.1, =0.0.1, =0.0.7, =0.0.1-0, =0.0.1, =0.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =1.6.1-canary.0 and more Source cves: CVE-2026-30837 Source advisory: OSV:GHSA-F45G-68Q3-5W8X...

7.5CVSS5.8AI score0.00494EPSS
Exploits1
Rows per page
Query Builder