CVE-2020-7637
class-transformer through 0.2.3 is vulnerable to Command Injection.the ‘classToPlainFromExist’ function could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘__proto__’ payload.
Source: CVE-2020-7637
CVE-2020-7637
class-transformer through 0.2.3 is vulnerable to Command Injection.the ‘classToPlainFromExist’ function could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘__proto__’ payload.
Source: CVE-2020-7637