Lucene search
China National Vulnerability DatabaseCNVD-2022-55154HistoryApr 15, 2022 - 12:00 a.m.
nconf has unspecified vulnerabilities
2022-04-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
28
nconf
toml
plugin
vulnerability
.set() function
prototype contamination
javascript
override
security
EPSS
0.002
Percentile
53.3%
nconf is a TOML-formatted plugin. nconf versions prior to 0.11.4 have a security vulnerability that stems from the .set() function, which is responsible for setting configuration properties, being vulnerable to prototype contamination, which can be exploited by attackers to override JavaScript application object prototypes.
Related
redhatcve
redhatcve
CVE-2022-21803
2022-04-12 20:00:53
github
github
Prototype Pollution in nconf
2022-04-13 00:00:30
ibm
ibm
prion
prion
Design/Logic Flaw
2022-04-12 16:15:00
veracode
veracode
Prototype Pollution
2022-04-13 03:18:28
cve
cve
CVE-2022-21803
2022-04-12 16:15:08
cvelist
cvelist
CVE-2022-21803 Prototype Pollution
2022-04-12 15:20:12
osv
osv
Prototype Pollution in nconf
2022-04-13 00:00:30
CVE-2022-21803
2022-04-12 16:15:08
nvd
nvd
CVE-2022-21803
2022-04-12 16:15:08
redhat
redhat
nessus
nessus
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
2022-09-02 00:00:00