7ghost (>=4.11.0 <=4.11.46), @absolunet/nwayo-workflow (>=3.6.0 <=3.8.2) +887 more potentially affected by CVE-2022-21803 via nconf (>=0.10.0 <=0.11.3)

nconf NPM version =0.10.0, =4.11.0, =3.6.0, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =1.2.5, =2.0.4, =1.0.0, =3.2.1, =0.0.1, =1.0.0, =0.0.1-feature-5cf2ee-kaxka2d7, =2.3.0-feature-f2daa5-kkqvjc9m and more Source cves: CVE-2022-21803 Source advisory: OSV:GHSA-6XWR-Q98W-RVG7...

GHSA-6XWR-Q98W-RVG7 Prototype Pollution in nconf

nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to...

7ghost (>=4.11.0 <=4.11.46), @absolunet/nwayo-workflow (>=3.6.0 <=3.8.2) +887 more potentially affected by CVE-2022-21803 via nconf (>=0.10.0 <=0.11.3)

nconf NPM version =0.10.0, =4.11.0, =3.6.0, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =1.2.5, =2.0.4, =1.0.0, =3.2.1, =0.0.1, =1.0.0, =0.0.1-feature-5cf2ee-kaxka2d7, =2.3.0-feature-f2daa5-kkqvjc9m and more Source cves: CVE-2022-21803 Source advisory: SNYK:JS-NCONF-2395478...