3 matches found
CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)
RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...
@rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)
Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...
GHSA-C567-44RC-M5HQ @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)
Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...