CVE-2022-22143

Summary

The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Note: This vulnerability derives from an incomplete fix of another vulnerability

Affected Software

VendorProductVersion RangeStatus
n/aconvictunspecified < 6.2.2affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References