CVE-2024-32866

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Apr 23, 2024

Updated: Apr 24, 2024

CWE ID 1321

Summary

CVE-2024-32866 is a vulnerability affecting the Conform type-safe form validation library. Prior to version 1.1.1, Conform permits the parsing of nested objects using the syntax `object.property`. This feature, when mishandled, allows prototype pollution, a type of attack, by an attacker who can provide crafted inputs to `parseWith...` functions. Applications relying on Conform for server-side validation of form data or URL parameters are susceptible to this issue, which has been mitigated in version 1.1.1 with a patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vfneni
https://www.cve.org/CVERecord?id=CVE-2024-32866
https://nvd.nist.gov/vuln/detail/CVE-2024-32866

Back to Vulnerability Database

CVE-2024-32866

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations