CVE-2022-23623
HIGH
frourio < 0.26.0 - Improper Input Validation in class-validator Integration
Title source: llm
Description
Frourio is a full-stack framework for TypeScript. Users of frourio versions prior to v0.26.0 who integrate class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations, and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/frouriojs/frourio/security/advisories/GHSA-8xxm-h73r-ghfj
Patch, Third Party Advisory x_refsource_misc
https://github.com/frouriojs/frourio/commit/7c19ac5363305b81b1c6b5232620228763d427af
Scores
CVSS v3
8.1
EPSS
0.0038
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
CWE-1321
Status
published
Products (2)
frourio/frourio
< 0.26.0
npm/frourio
0 - 0.26.0
npm
Published
Feb 07, 2022
Tracked Since
Feb 18, 2026