Validation bypass in frourio-express

Description

No description available.

Recommendation

Update the frourio-express package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.26.0
• Patched version(s): 0.26.0

References

• GHSA-mmj4-777p-fpq9
• CVE-2022-23624
• CWE-1321
• CWE-20
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Validation bypass in frourio - CVE-2022-23623
• @cubejs-backend/api-gateway row level security bypass - CVE-2022-23510
• Authorization Bypass Through User-Controlled Key in urijs - CVE-2022-0613
• parse-server auth adapter app ID validation can be circumvented - CVE-2022-39231

You might also like:

Apache and Express Path Traversal plus Nginx Restriction Bypass Tests with SmartScanner

How to Secure your NodeJs Express Javascript Application - part 2

How to Secure your NodeJs Express Javascript Application - part 1

Tags:

npm

frourio-express