References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mozilla Convict.

This allows an attacker to inject attributes that are used in other components, or to override existing attributes with ones that have incompatible type, which may lead to a crash.


The main use case of Convict is for handling server-side 
configurations written by the admins owning the servers, and not random 
users. So it's unlikely that an admin would deliberately sabo

CWE-1321

https://github.com/mozilla/node-convict/issues/410

https://github.com/mozilla/node-convict/security/advisories/GHSA-4jrm-c32x-w4jf