17 matches found
CVE-2024-32866
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
Prototype Pollution
Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...
@kentcdodds/workshop-app (>=1.41.0 <=1.46.7), remix-server-kit (>=3.0.0-beta1 <=3.0.0-beta4) potentially affected by CVE-2024-32866 via @conform-to/zod (>=0.5.1 <=0.7.4)
@conform-to/zod NPM version =0.5.1, =1.41.0, =3.0.0-beta1, =3.0.0-beta4 Source cves: CVE-2024-32866 Source advisory: OSV:GHSA-624G-8QJG-8QXF...
@conform-to/react (>=0.1.0 <=0.9.1), @kentcdodds/workshop-app (>=1.41.0 <=1.46.7) +1 more potentially affected by CVE-2024-32866 via @conform-to/dom (>=0.1.0 <=0.9.1)
@conform-to/dom NPM version =0.1.0, =0.1.0, =1.41.0, =3.0.0-beta1, =3.0.0-beta4 Source cves: CVE-2024-32866 Source advisory: OSV:GHSA-624G-8QJG-8QXF...
GHSA-624G-8QJG-8QXF Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...
@bobsled/consumer-components (>=0.0.2 <=0.0.10), @conform-to/react (>=1.0.0 <=1.19.2) +25 more potentially affected by CVE-2024-32866 via @conform-to/dom (>=1.0.0 <=1.1.0)
@conform-to/dom NPM version =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.10.0, =1.0.0, =1.17.1-depup.0, =1.17.1-depup.0, =0.0.0-semantically-released, =0.1.0, =0.5.4-unstable.983d500f - @kurocado-studio/atelier-motion-react =1.0.0 - @kurocado-studio/atelier-motion-vue =1.0.0 -...
@bobsled/consumer-components (>=0.0.2 <=0.0.10), @epic-web/workshop-app (>=0.0.0-semantically-released <=6.90.4) +19 more potentially affected by CVE-2024-32866 via @conform-to/zod (=1.19.2)
@conform-to/zod NPM version =1.19.2 is affected by a known vulnerability. The following packages have a transitive dependency on @conform-to/zod and may be impacted: - @bobsled/consumer-components =0.0.2, =0.0.0-semantically-released, =0.1.0, =1.0.0, =1.0.0, =1.0.0-develop.1, =1.0.0,...
CVE-2024-32866
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866
CVE-2024-32866 concerns Conform, a type-safe form validation library. The issue enables prototype pollution through parsing of nested objects (object.property) in parseWith… functions due to an improper implementation in versions prior to 1.1.1. This affects server-side validation of form data or...
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866
creationtimestamp | type | source
---|---|---
2024-04-23 20:31:27+00:00 | published-proof-of-concept | https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf...
Conform Security Vulnerability
Conform is a type-safe form validation library by individual developer Edmund Hung. A security vulnerability exists in Conform 1.1.0 and earlier versions, which allows an attacker to trigger prototype pollution by passing specially crafted input to parseWith...
conform-sitzkissen.de Cross Site Scripting vulnerability OBB-3478732
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2020-25663
A call to ConformPixelInfo in the SetImageAlphaChannel routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed or GetPixelBlue was called. This could occur if an attacker is able to submit a malicious image file to be processed by...