VulnerableCode Package Details - pkg:npm/elysia@1.4.17

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/elysia@1.4.17

Essentials
History (1)

purl	pkg:npm/elysia@1.4.17

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-4wjr-2u8x-dbdg	Elysia vulnerable to prototype pollution with multiple standalone schema validation Prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an `any` type that is set as a `standalone` guard, to allow for the `__proto__` prop to be merged. When combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker.	CVE-2025-66456 GHSA-hxj9-33pp-j2cc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:49:06.794913+00:00	GitLab Importer	Fixing	VCID-4wjr-2u8x-dbdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/elysia/CVE-2025-66456.yml	38.6.0