Lookup for vulnerable packages by Package URL.

Purl pkg:npm/class-validator@0.10.0-rc.1
Type npm
Namespace
Name class-validator
Version 0.10.0-rc.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.14.0
Latest_non_vulnerable_version 0.14.0
Affected_by_vulnerabilities
0
url VCID-cv8f-wc36-eyb3
vulnerability_id VCID-cv8f-wc36-eyb3
summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
In TypeStack class-validator, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18413
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29574
published_at 2026-06-07T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29555
published_at 2026-06-09T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.29541
published_at 2026-06-08T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.29577
published_at 2026-06-04T12:55:00Z
4
value 0.00114
scoring_system epss
scoring_elements 0.29645
published_at 2026-06-05T12:55:00Z
5
value 0.00114
scoring_system epss
scoring_elements 0.29607
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18413
1
reference_url https://github.com/typestack/class-validator
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typestack/class-validator
2
reference_url https://github.com/typestack/class-validator/issues/1422#issuecomment-1344635415
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typestack/class-validator/issues/1422#issuecomment-1344635415
3
reference_url https://github.com/typestack/class-validator/issues/438
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typestack/class-validator/issues/438
4
reference_url https://github.com/typestack/class-validator/issues/438#issuecomment-964728471
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typestack/class-validator/issues/438#issuecomment-964728471
5
reference_url https://github.com/typestack/class-validator#passing-options
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typestack/class-validator#passing-options
6
reference_url https://github.com/typestack/class-validator/pull/1798
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typestack/class-validator/pull/1798
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18413
reference_id CVE-2019-18413
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18413
8
reference_url https://github.com/advisories/GHSA-fj58-h2fr-3pp2
reference_id GHSA-fj58-h2fr-3pp2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fj58-h2fr-3pp2
fixed_packages
0
url pkg:npm/class-validator@0.14.0
purl pkg:npm/class-validator@0.14.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/class-validator@0.14.0
aliases CVE-2019-18413, GHSA-fj58-h2fr-3pp2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv8f-wc36-eyb3
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/class-validator@0.10.0-rc.1