Homepage
About Snyk

@conform-to/zod@0.4.0-pre.0 vulnerabilities

Conform helpers for integrating with Zod

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @conform-to/zod package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

@conform-to/zod is a Conform helpers for integrating with Zod

Affected versions of this package are vulnerable to Prototype Pollution due to an improper implementation of the feature that parses nested objects in the form of object.property. An attacker can exploit this feature to manipulate the prototype of the target object by passing specially crafted input to the parseWith functions.

Note

This issue affects applications utilizing the library for server-side validation of form data or URL parameters.

How to fix Prototype Pollution?

Upgrade @conform-to/zod to version 1.1.1 or higher.

<1.1.1
Go back to all versions of this package