Description
In TypeStack class-validator, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name.
Recommendation
Update the class-validator package to the latest compatible version. Version details:
- Affected version(s): < 0.14.0
- Patched version(s): 0.14.0
References
Related Issues
- AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes - CVE-2019-14863
- DOM-based cross-site scripting in Froala Editor - CVE-2019-19935
- Cross-site Scripting in pandao editor.md - CVE-2019-14517
- Cross-site Scripting in pandao - CVE-2019-14653
Tags: npm, class-validator
Last updated on January 27, 2023