CVE-2022-23624
HIGH
frourio-express < 0.26.0 - Improper Input Validation via Class-Validator Integration
Title source: llm
Description
Frourio-express is a minimal full-stack framework for TypeScript. Users of frourio-express versions prior to v0.26.0 who integrate with class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations, and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/frouriojs/frourio-express/security/advisories/GHSA-mmj4-777p-fpq9
Patch, Third Party Advisory x_refsource_misc
https://github.com/frouriojs/frourio-express/commit/73ded5c6f9f1c126c0cb2d05c0505e9e4db142d2
Scores
CVSS v3
8.1
EPSS
0.0038
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
CWE-1321
Status
published
Products (2)
frourio/frourio-express
< 0.26.0
npm/frourio-express
0 - 0.26.0 (npm)
Published
Feb 07, 2022
Tracked Since
Feb 18, 2026