2 matches found
6ix (=0.0.0-canary.0), 9ight (>=0.0.0-canary.0 <=0.0.0-canary.6) +2906 more potentially affected by CVE-2019-18413 via class-validator (>=0.10.0 <=0.13.2)
class-validator NPM version =0.10.0, =0.0.0-canary.0, =0.0.1, =1.0.4, =4.2.3, =2.7.0, =1.1.0, =1.1.0, =1.0.0, =0.0.1, =0.1.0, =0.0.2, =0.0.1, =0.0.13 and more Source cves: CVE-2019-18413 Source advisory: OSV:GHSA-FJ58-H2FR-3PP2...
CVE-2019-18413
In TypeStack class-validator 0.10.2, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not...