tiny-conf@1.0.1 vulnerabilities

Node.js configuration with files, environment variables, command-line arguments, ... pluggable architecture in order to work in the browser & server-side

Direct Vulnerabilities

Known vulnerabilities in the tiny-conf package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

tiny-conf is a Node.js configuration with files, environment variables, command-line arguments, ... pluggable architecture in order to work in the browser & server-side

Affected versions of this package are vulnerable to Prototype Pollution via the set function.

POC

const tinyConf = require('tiny-conf'); 
tinyConf.set('__proto__.polluted', true); 
console.log(polluted); //true

How to fix Prototype Pollution?

There is no fixed version for tiny-conf.

*