Description
In TypeStack class-validator, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name.
Recommendation
Update the class-validator package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.14.0
- Patched version(s): 0.14.0
References
Related Issues
- Cross-Site Scripting in cyberchef - CVE-2019-15532
- Cross-Site Scripting in status-board - CVE-2019-15478
- Cross-site Scripting in aurelia-framework - CVE-2019-10062
- Cross-Site Scripting in iobroker.web - CVE-2019-10771
You might also like:
- Tags:
- npm
- class-validator
Anything's wrong? Let us know Last updated on January 27, 2023


