Convict
Monthly
This affects the package convict before 6.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
This affects the package convict before 6.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.