EPSS: 0.001 (Low), Percentile: 47.8%
nconf is vulnerable to prototype pollution. The function prototype.set() allows an attacker who controls the value of “path” to modify attributes such as __proto__, constructor and prototype.
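The flaw class described above, shown as an added example that is not nconf's own code: a path-walking setter without a key check beside a hardened form that rejects the three keys named in the description. The function names, the ':' path delimiter and the sample values are assumptions made for illustration.

```javascript
// Added example: hypothetical path setters, not taken from nconf's source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unsafe form: follows every path segment, including inherited ones.
function setUnsafe(store, path, value) {
  const keys = path.split(':'); // ':' delimiter is an assumption
  let target = store;
  while (keys.length > 1) {
    const key = keys.shift();
    if (target[key] === null || typeof target[key] !== 'object') {
      target[key] = {};
    }
    target = target[key]; // '__proto__' resolves to Object.prototype here
  }
  target[keys.shift()] = value;
  return true;
}

// Hardened form: refuse dangerous segments and only descend into own properties.
function setSafe(store, path, value) {
  const keys = path.split(':');
  if (keys.some((k) => BLOCKED_KEYS.has(k))) return false;
  let target = store;
  while (keys.length > 1) {
    const key = keys.shift();
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (!own || target[key] === null || typeof target[key] !== 'object') {
      target[key] = {};
    }
    target = target[key];
  }
  target[keys.shift()] = value;
  return true;
}

// Constructed inputs: compare what a fresh object inherits after each call.
function demo() {
  const before = {}.polluted;
  setUnsafe({}, '__proto__:polluted', 'yes');
  const afterUnsafe = {}.polluted;   // every object now inherits the value
  delete Object.prototype.polluted;  // undo the pollution before continuing
  const accepted = setSafe({}, '__proto__:polluted', 'yes');
  const afterSafe = {}.polluted;
  const cfg = {};
  setSafe(cfg, 'database:host', 'db.internal');
  return { before, afterUnsafe, accepted, afterSafe, host: cfg.database.host };
}
```
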
github.com/indexzero/nconf/commit/26f69fb800b4503071e1434067518c445cc79e94
github.com/indexzero/nconf/pull/397
github.com/indexzero/nconf/pull/397/commits/26f69fb800b4503071e1434067518c445cc79e94
github.com/indexzero/nconf/releases/tag/v0.11.4