@conform-to/dom@0.7.3 vulnerabilities

A set of opinionated helpers built on top of the Constraint Validation API

Direct Vulnerabilities

Known vulnerabilities in the @conform-to/dom package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

@conform-to/dom is an A set of opinionated helpers built on top of the Constraint Validation API

Affected versions of this package are vulnerable to Prototype Pollution due to an improper implementation of the feature that parses nested objects in the form of object.property. An attacker can exploit this feature to manipulate the prototype of the target object by passing specially crafted input to the parseWith functions.

Note

This issue affects applications utilizing the library for server-side validation of form data or URL parameters.

How to fix Prototype Pollution?

Upgrade @conform-to/dom to version 0.9.2, 1.1.1 or higher.

<0.9.2 >=1.0.0 <1.1.1