CVE-2022-23624

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23624
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23624.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23624
Aliases
Related
Published
2022-02-07T23:15:07Z
Modified
2025-01-08T14:05:35.341510Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through validators/ folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install class-transformer and reflect-metadata.

References

Affected packages

Git / github.com/frouriojs/frourio-express

Affected ranges

Type
GIT
Repo
https://github.com/frouriojs/frourio-express
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
73ded5c6f9f1c126c0cb2d05c0505e9e4db142d2
Fixed
73ded5c6f9f1c126c0cb2d05c0505e9e4db142d2

Affected versions

v0.*

v0.16.0
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.20.0
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.22.0
v0.22.1
v0.22.2
v0.23.0
v0.24.0
v0.24.1
v0.25.0
v0.25.1