CVE-2022-23623

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23623

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23623.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23623

Aliases

GHSA-8xxm-h73r-ghfj

Published

2022-02-07T22:15:16Z

Modified

2025-10-22T18:27:01.469506Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Validation bypass in frourio

Details

Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through validators/ folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install class-transformer and reflect-metadata.

Database specific

{
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

Git / github.com/frouriojs/frourio

Affected ranges

Type: GIT
Repo: https://github.com/frouriojs/frourio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d62da34adedcb9264eff37d2409f5db00405fc85

Affected versions

v0.*

v0.0.4

v0.1.0

v0.1.1

v0.1.2

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.11.0

v0.12.0

v0.12.1

v0.12.2

v0.13.0

v0.13.1

v0.14.0

v0.14.1

v0.14.2

v0.14.3

v0.15.0

v0.16.0

v0.17.0

v0.17.1

v0.17.2

v0.18.0

v0.18.1

v0.18.2

v0.19.0

v0.19.1

v0.2.0

v0.2.1

v0.2.2

v0.20.0

v0.21.0

v0.21.1

v0.21.2

v0.21.3

v0.21.4

v0.22.0

v0.22.1

v0.22.2

v0.23.0

v0.23.1

v0.24.0

v0.24.1

v0.25.0

v0.25.1

v0.3.0

v0.3.1

v0.4.0

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.7.2

v0.8.0

v0.9.0

Git / github.com/frourios/frourio