PT-2022-16138 · Unknown · Class-Validator+3
Lumakernel · Published 2022-02-07 · Updated 2023-07-13 · CVE-2022-23624
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Frourio-express versions prior to v0.26.0

Description: Frourio-express is a minimal full-stack framework for TypeScript. Users who run a Frourio-express version prior to v0.26.0 and integrate with class-validator through the validators/ folder are subject to an input validation issue. Validators do not work properly for request bodies and queries in specific situations, and some input is not validated at all.

Recommendations: Update Frourio-express to v0.26.0 or later. Install class-transformer and reflect-metadata in your project. As a temporary workaround, consider validating objects from requests with class-transformer in your controllers yourself, or avoid using validators.

Exploit

Fix

Prototype Pollution

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-23624
GHSA-MMJ4-777P-FPQ9

Affected Products

Frourio-Express
Class-Transformer
Class-Validator
Reflect-Metadata