Description
In TypeStack class-validator, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name.
Recommendation
Update the class-validator package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.14.0
- Patched version(s): 0.14.0
References
Related Issues
- Bootstrap Vulnerable to Cross-Site Scripting (GHSA-9v3m-8fp8-mj99) - CVE-2019-8331
- Materialize-css vulnerable to Cross-site Scripting in tooltip component - CVE-2019-11002
- Materialize-css vulnerable to Cross-site Scripting in autocomplete component (GHSA-7752-f4gf-94gc) - CVE-2019-11003
- Materialize-css vulnerable to Cross-site Scripting in autocomplete component - CVE-2019-11003
- Tags:
- npm
- class-validator
Anything's wrong? Let us know Last updated on January 27, 2023