Skip to main content

Convict

2 CVEs product

Monthly

CVE-2022-21190 npm CRITICAL POC PATCH Act Now

This affects the package convict before 6.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Prototype Pollution Mozilla Convict
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-22143 npm CRITICAL POC PATCH Act Now

The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Convict
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

This affects the package convict before 6.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Prototype Pollution Mozilla +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Convict
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy