Mozilla Convict vulnerabilities

CVE-2023-0163 [HIGH] CWE-1321 CVE-2023-0163: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerabil Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mozilla Convict. This allows an attacker to inject attributes that are used in other components, or to override existing attributes with ones that have incompatible type, which may lead to a crash. The main use case of Convict is for handling s

CVE-2022-21190 [HIGH] CWE-1321 CVE-2022-21190: This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d45da7fe3ad9cd880) introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it

CVE-2022-22143 [HIGH] CWE-1321 CVE-2022-22143: The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508)