Vulnerability	Vulnerable Version
H Prototype Pollution @conform-to/yup is a Conform helpers for integrating with yup Affected versions of this package are vulnerable to Prototype Pollution due to an improper implementation of the feature that parses nested objects in the form of `object.property`. An attacker can exploit this feature to manipulate the prototype of the target object by passing specially crafted input to the `parseWith` functions. Note This issue affects applications utilizing the library for server-side validation of form data or URL parameters. How to fix Prototype Pollution? Upgrade `@conform-to/yup` to version 0.9.2, 1.1.1 or higher.	<0.9.2>=1.0.0 <1.1.1

Prototype Pollution

@conform-to/yup is a Conform helpers for integrating with yup

Affected versions of this package are vulnerable to Prototype Pollution due to an improper implementation of the feature that parses nested objects in the form of object.property. An attacker can exploit this feature to manipulate the prototype of the target object by passing specially crafted input to the parseWith functions.

Note

This issue affects applications utilizing the library for server-side validation of form data or URL parameters.

How to fix Prototype Pollution?

Upgrade @conform-to/yup to version 0.9.2, 1.1.1 or higher.

<0.9.2>=1.0.0 <1.1.1

Go back to all versions of this package