25 matches found
CVE-2026-31865
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...
CVE-2026-30837
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...
CVE-2026-31865 Elysia Cookie Value Prototype Pollution
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...
CVE-2026-31865 Elysia Cookie Value Prototype Pollution
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...
CVE-2026-31865
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...
CVE-2026-31865
CVE-2026-31865 affects the Elysia TypeScript framework prior to version 1.4.27, where a cookie value could be overridden via prototype pollution (proto ). The issue is fixed in 1.4.27. Impact described as partial integrity impact with possible cookie manipulation; no exploitation details are prov...
CVE-2026-31865 Elysia Cookie Value Prototype Pollution
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...
PT-2026-25974
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto . This issue is patched in 1.4.27. As a workaround, use t.Cookie validati...
CVE-2026-30837
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...
CVE-2026-30837
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...
CVE-2026-30837 Elysia has a string URL format redos
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...
CVE-2026-30837 Elysia has a string URL format redos
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...
EUVD-2026-10861
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...
PT-2026-24422
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...
elysia 安全漏洞
Elysia is an open-source framework developed by Elysia. Versions of Elysia prior to 1.4.26 contained security vulnerabilities. These vulnerabilities were caused by defects in the regular expressions used in the t.String format for handling URLs, which could lead to denial-of-service attacks due t...
CVE-2025-66456
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to...
CVE-2025-66457
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled e.g. there an existing cookie schema, the cookie...
CVE-2025-66456
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled e.g. there an existing cookie schema, the cookie...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled e.g. there an existing cookie schema, the cookie...