Releases31
Frequency2 months 4 days
Last Release
Proper decorator-based transformation / serialization / deserialization of plain javascript objects to class constructors

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 0.3.15.3 MEDIUM5 MEDIUM

class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.