CVE-2022-23623

Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.
Configurations

Configuration 1 (hide)

cpe:2.3:a:frourio:frourio:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 06:48

Type Values Removed Values Added
References () https://github.com/frouriojs/frourio/commit/7c19ac5363305b81b1c6b5232620228763d427af - Patch, Third Party Advisory () https://github.com/frouriojs/frourio/commit/7c19ac5363305b81b1c6b5232620228763d427af - Patch, Third Party Advisory
References () https://github.com/frouriojs/frourio/security/advisories/GHSA-8xxm-h73r-ghfj - Third Party Advisory () https://github.com/frouriojs/frourio/security/advisories/GHSA-8xxm-h73r-ghfj - Third Party Advisory
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 8.1

13 Jul 2023, 15:52

Type Values Removed Values Added
CWE CWE-1321

Information

Published : 2022-02-07 23:15

Updated : 2024-11-21 06:48


NVD link : CVE-2022-23623

Mitre link : CVE-2022-23623

CVE.ORG link : CVE-2022-23623


JSON object : View

Products Affected

frourio

  • frourio
CWE
CWE-20

Improper Input Validation

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')