Elysia · Elysia · CVE-2026-31865
**Name of the Vulnerable Software and Affected Versions**
Elysia versions prior to 1.4.27
**Description**
Elysia is a TypeScript framework used for request validation, type inference, OpenAPI documentation, and client-server communication. A prototype pollution issue exists in Elysia where a cookie can be overridden, specifically using the `__proto__` property. Sending a cookie with the name `__proto__` can override cookie values. This issue is addressed in version 1.4.27.
**Recommendations**
Versions prior to 1.4.27 should be updated to version 1.4.27 or later. As a workaround, use `t.Cookie` validation to enforce validation of cookie values and/or prevent iteration over cookies if possible.
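
The following added example is not Elysia's code; it is a generic cookie-header parser written for this page to show why a cookie named `__proto__` is dangerous when the jar is a plain object, next to a hardened form. All function names are hypothetical, and it assumes cookie values that parse as JSON are decoded into objects.

```typescript
// Added illustration (not Elysia's source). Assumption: cookie values that
// parse as JSON are decoded into objects before being stored in the jar.
type Jar = Record<string, unknown>;

// Names that reach an object's prototype chain when used as property keys.
const BLOCKED_NAMES = ["__proto__", "constructor", "prototype"];

function decodeValue(raw: string): unknown {
  try {
    return JSON.parse(decodeURIComponent(raw));
  } catch {
    return raw; // not JSON (or bad escape): keep the raw string
  }
}

// Split a Cookie header into [name, value] pairs, skipping malformed parts.
function splitPairs(header: string): Array<[string, string]> {
  const pairs: Array<[string, string]> = [];
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    const name = eq < 0 ? "" : part.slice(0, eq).trim();
    if (name === "") continue;
    pairs.push([name, part.slice(eq + 1).trim()]);
  }
  return pairs;
}

// Unsafe pattern: plain-object jar keyed by client-chosen names. Assigning an
// object to jar["__proto__"] replaces the jar's prototype instead of adding a key.
function parseCookiesNaive(header: string): Jar {
  const jar: Jar = {};
  for (const [name, raw] of splitPairs(header)) jar[name] = decodeValue(raw);
  return jar;
}

// Hardened pattern: null-prototype jar plus a name denylist, so the jar only
// ever holds own properties and stays safe if later copied into a plain object.
function parseCookiesHardened(header: string): Jar {
  const jar: Jar = Object.create(null);
  for (const [name, raw] of splitPairs(header)) {
    if (BLOCKED_NAMES.indexOf(name) !== -1) continue;
    jar[name] = decodeValue(raw);
  }
  return jar;
}

// Constructed sample header: no "lang" cookie is sent as its own pair.
const SAMPLE_HEADER = 'theme=dark; __proto__={"lang":"xx"}';
```

With the naive parser, reading `lang` from the jar returns a value even though no `lang` cookie was sent, which is the kind of override a schema check such as `t.Cookie` or an own-property check is meant to catch.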