33 matches found
PT-2022-16137 · Unknown +1 · Class-Transformer +3
Name of the Vulnerable Software and Affected Versions: Frourio versions prior to v0.26.0. Description: Frourio is a full stack framework for TypeScript. Users who use Frourio versions prior to v0.26.0 and integrate with class-validator through the validators/ folder are subject to an input validati...
PT-2022-16138 · Unknown · Class-Transformer +3
Name of the Vulnerable Software and Affected Versions: Frourio-express versions prior to v0.26.0. Description: Frourio-express is a minimal full stack framework for TypeScript. Users who use Frourio-express versions prior to v0.26.0 and integrate with class-validator through the validators/ folder...
6ix (=0.0.0-canary.0), 9ight (>=0.0.0-canary.0 <=0.0.0-canary.6) +2907 more potentially affected by CVE-2019-18413 via class-validator (>=0.10.0 <=0.13.2)
class-validator NPM version =0.10.0, =0.0.0-canary.0, =0.0.1, =1.0.4, =4.2.3, =2.7.0, =1.1.0, =1.1.0, =1.0.0, =0.0.1, =0.1.0, =0.0.2, =0.0.1, =0.0.13 and more Source cves: CVE-2019-18413 Source advisory: OSV:GHSA-FJ58-H2FR-3PP2...
GHSA-FJ58-H2FR-3PP2 SQL Injection and Cross-site Scripting in class-validator
In TypeStack class-validator, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented a...
Arbitrary Code Execution
class-validator is vulnerable to arbitrary code execution. The vulnerability exists due to insecure defaults: the forbidUnknownValues property is not set to true, allowing unknown objects to pass validation...
CVE-2019-18413
In TypeStack class-validator 0.10.2, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not...
SQL injection
In TypeStack class-validator 0.10.2, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not...
CVE-2019-18413
CVE-2019-18413 affects TypeStack class-validator 0.10.2, where validate() input validation can be bypassed because internal attributes can be overwritten with a conflicting name. This bypass enables attackers to inject malicious input potentially leading to SQL Injection or XSS. The description n...
TypeStack class-validator SQL Injection Vulnerability
TypeStack class-validator is a class validator. A SQL injection vulnerability exists in TypeStack class-validator version 0.10.2, which can be exploited to bypass security checks by injecting attribute entries into user input to override internal attribute entries with the same name...
PT-2019-15396 · Typestack · Class-Validator
Name of the Vulnerable Software and Affected Versions: class-validator versions 0.10.2 through 0.13.x. Description: The validate input validation in class-validator can be bypassed because certain internal attributes can be overwritten via a conflicting name. Although there is an optional...