Homepage
About Snyk

@conform-to/yup@0.8.0-pre.0 vulnerabilities

Conform helpers for integrating with yup

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @conform-to/yup package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

@conform-to/yup is a Conform helpers for integrating with yup

Affected versions of this package are vulnerable to Prototype Pollution due to an improper implementation of the feature that parses nested objects in the form of object.property. An attacker can exploit this feature to manipulate the prototype of the target object by passing specially crafted input to the parseWith functions.

Note

This issue affects applications utilizing the library for server-side validation of form data or URL parameters.

How to fix Prototype Pollution?

Upgrade @conform-to/yup to version 1.1.1 or higher.

<1.1.1
Go back to all versions of this package