RSS   Vulnerabilities for 'Class-transformer'   RSS

2020-04-06
 
CVE-2020-7637

CWE-20
 

 
class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.

 


Copyright 2024, cxsecurity.com

 

Back to Top