Описание
Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through validators/ folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install class-transformer and reflect-metadata.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.26.0 (исключая)
cpe:2.3:a:frourio:frourio:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 59%
0.00377
Низкий
8.1 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
EPSS
Процентиль: 59%
0.00377
Низкий
8.1 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20
CWE-20