{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T14:03:34.768","vulnerabilities":[{"cve":{"id":"CVE-2024-32866","sourceIdentifier":"security-advisories@github.com","published":"2024-04-23T21:15:48.407","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue.\n"},{"lang":"es","value":"Conform, una librería de validación de formularios con seguridad de tipos, permite el análisis de objetos anidados en forma de `object.property`. Debido a una implementación incorrecta de esta característica en versiones anteriores a la 1.1.1, un atacante puede explotar la característica para desencadenar la contaminación del prototipo pasando una entrada manipulada a las funciones `parseWith...`. Esta vulnerabilidad afecta a las aplicaciones que utilizan conform para la validación del lado del servidor de datos de formulario o parámetros de URL. La versión 1.1.1 contiene un parche para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117","source":"security-advisories@github.com"},{"url":"https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de","source":"security-advisories@github.com"},{"url":"https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf","source":"security-advisories@github.com"},{"url":"https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}