CVE-2026-31865
- EPSS 0.02%
- Published 18.03.2026 02:50:55
- Last modified 20.03.2026 17:52:07
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. `__proto__`. This issue is patch...
CVE-2026-30837
- EPSS 0.02%
- Published 10.03.2026 20:12:14
- Last modified 20.03.2026 15:23:08
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26, `t.String({ format: 'url' })` is vulnerable to ReDoS. Repeating a partial URL format (protocol and hostnam...
CVE-2025-66457
- EPSS 0.1%
- Published 09.12.2025 20:15:54
- Last modified 17.12.2025 14:27:42
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled (e....
CVE-2025-66456
- EPSS 0.2%
- Published 09.12.2025 19:43:10
- Last modified 17.12.2025 14:30:08
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in `mergeDeep` after merging results of two stan...