10 matches found
CVE-2025-66457
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
Arbitrary Code Injection
Overview: elysia is an Ergonomic Framework for Human. Affected versions of this package are vulnerable to Arbitrary Code Injection via the cookie config. An attacker can execute arbitrary code by injecting malicious input into the configuration when dynamic cookies are enabled and the cookie schema...
CVE-2025-66457
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
CVE-2025-66457
CVE-2025-66457 affects Elysia (TypeScript framework). Vulnerability: when dynamic cookies are enabled and a cookie schema exists, the cookie config can be injected into compiled routes without sanitisation, enabling Arbitrary Code Injection. Root cause: unsanitized dynamic cookie configuration in...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
Elysia affected by arbitrary code injection through cookie config
Arbitrary code execution from cookie config. If dynamic cookies are enabled, i.e. there exists a schema for cookies, the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, as it requires write access to either the Elysia...
GHSA-8VCH-M3F4-Q8JF Elysia affected by arbitrary code injection through cookie config
Arbitrary code execution from cookie config. If dynamic cookies are enabled, i.e. there exists a schema for cookies, the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, as it requires write access to either the Elysia...
PT-2025-50228
Name of the Vulnerable Software and Affected Versions: Elysia versions 1.4.17 and below. Description: Elysia is a TypeScript framework used for request validation, type inference, OpenAPI documentation, and client-server communication. Versions 1.4.17 and below are susceptible to arbitrary code...