Description
In TypeStack class-validator, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name.
Recommendation
Update the class-validator package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.14.0
- Patched version(s): 0.14.0
References
Related Issues
- AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes - CVE-2019-14863
- Materialize-css vulnerable to Cross-site Scripting in tooltip component - materialize-css - CVE-2019-11002
- Materialize-css vulnerable to Cross-site Scripting in tooltip component - CVE-2019-11002
- DOM-based cross-site scripting in Froala Editor - CVE-2019-19935
You might also like:
- Tags:
- npm
- class-validator
Anything's wrong? Let us know Last updated on January 27, 2023