{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:30:50.385","vulnerabilities":[{"cve":{"id":"CVE-2026-31865","sourceIdentifier":"security-advisories@github.com","published":"2026-03-18T04:17:19.393","lastModified":"2026-03-20T17:52:07.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. `__proto__`. This issue is patched in 1.4.27. As a workaround, use t.Cookie validation to enforce validation value and/or prevent iterable over cookie if possible."},{"lang":"es","value":"Elysia es un framework de Typescript para la validación de solicitudes, inferencia de tipos, documentación OpenAPI y comunicación cliente-servidor. Antes de la versión 1.4.27, una cookie de Elysia podía ser sobrescrita mediante contaminación de prototipos, p. ej. `__proto__`. Este problema está parcheado en la versión 1.4.27. Como solución alternativa, use la validación t.Cookie para forzar el valor de validación y/o evitar la iteración sobre la cookie si es posible."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elysiajs:elysia:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.4.27","matchCriteriaId":"D271578B-3D8C-496B-A511-4673FFCB69D5"}]}]}],"references":[{"url":"https://github.com/elysiajs/elysia/commit/e9d6b1743fa7368ef942dce181f6a089757f6aab","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/elysiajs/elysia/security/advisories/GHSA-8hq9-phh3-p2wp","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}}]}