Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Validation bypass in frourio-express
Vulnerability Description
Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Frourio-express 输入验证错误漏洞
Vulnerability Description
Frourio-express是一个用于 TypeScript 的快速且类型安全的全栈框架。 Frourio-express 中存在输入验证错误漏洞,该漏洞源于产品validators/目录下的验证器未对输入数据进行验证。以下产品及版本受到影响:Frourio-express 0.26.0 版本。
CVSS Information
N/A
Vulnerability Type
N/A