Server-side cross-site scripting in express-validator

Description

Affected versions of this package are vulnerable to Filter Bypass. express-validator by default does not sanitize arrays or non-string values. This vulnerability could be leveraged by an attacker to bypass express-validator protections and inject malicious JavaScript into a webpage.
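The bypass described above, shown as an added example that is not part of the advisory and is not express-validator's code: a hypothetical string-only sanitizer next to two hardened forms. All function names and sample inputs are constructed for illustration, and the array input assumes a query parser that turns `name[]=...` into an array.

```javascript
// Hypothetical helpers for illustration; not express-validator's API or source.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Weak form: escapes strings only and passes every other type through
// unchanged, which is the default behaviour the advisory describes.
function sanitizeStringsOnly(value) {
  return typeof value === 'string' ? escapeHtml(value) : value;
}

// Hardened form: escape strings, walk arrays and plain objects recursively,
// stringify other primitives before escaping, map null/undefined to ''.
function sanitizeDeep(value) {
  if (value === null || value === undefined) return '';
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map(sanitizeDeep);
  if (typeof value === 'object') {
    // Object.fromEntries defines own properties, so a "__proto__" key
    // cannot replace the prototype of the result.
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [escapeHtml(k), sanitizeDeep(v)])
    );
  }
  return escapeHtml(String(value));
}

// Strict alternative: reject any field that is not a string.
function requireString(value) {
  if (typeof value !== 'string') throw new TypeError('expected a string field');
  return escapeHtml(value);
}

// Template interpolation coerces with String(), which joins array elements,
// so an unescaped array element reaches the page as markup.
function render(name) {
  return `<p>Hello ${name}</p>`;
}

// Constructed inputs: the same value sent as ?name=... and as ?name[]=...
const asString = '<b>x</b>';
const asArray = ['<b>x</b>'];

console.log(render(sanitizeStringsOnly(asString))); // escaped
console.log(render(sanitizeStringsOnly(asArray)));  // markup survives
console.log(render(sanitizeDeep(asArray)));         // escaped
```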

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version