Conform · Conform · CVE-2024-32866
**Name of the Vulnerable Software and Affected Versions**
Conform versions prior to 1.1.1
**Description**
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use Conform for server-side validation of form data or URL parameters are affected by this issue.
**Recommendations**
For versions prior to 1.1.1, update to version 1.1.1 to resolve the issue. As a temporary workaround, consider restricting the use of the `parseWith...` functions until a patch is applied. Avoid using the `object.property` form for parsing nested objects in affected versions.
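The defect class described above, shown from the defensive side as an added example: this is not Conform's code and not part of the original advisory. It is a generic parser that expands dotted names into nested objects and rejects any path segment that could reach `Object.prototype`. The function names and the sample entries are hypothetical and constructed for illustration.

```javascript
// Added illustration; not Conform's source. All names here are hypothetical.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Split a name such as "address.city" into path segments and refuse
// any segment that could reach Object.prototype.
function toSafePath(name) {
  const segments = name.split('.');
  for (const segment of segments) {
    if (segment === '' || FORBIDDEN_SEGMENTS.has(segment)) {
      throw new TypeError(`Rejected field name: ${JSON.stringify(name)}`);
    }
  }
  return segments;
}

// Build a nested object from [name, value] pairs (form data or URL parameters).
function parseEntries(entries) {
  const root = Object.create(null); // no prototype to inherit from or pollute
  const rejected = [];
  for (const [name, value] of entries) {
    let path;
    try {
      path = toSafePath(name);
    } catch (err) {
      rejected.push(name); // keep for logging and alerting
      continue;
    }
    let node = root;
    for (const segment of path.slice(0, -1)) {
      // Own-property check only: never walk into inherited properties.
      if (!Object.prototype.hasOwnProperty.call(node, segment) ||
          typeof node[segment] !== 'object' || node[segment] === null) {
        node[segment] = Object.create(null);
      }
      node = node[segment];
    }
    node[path[path.length - 1]] = value;
  }
  return { value: root, rejected };
}

// Constructed sample input: two ordinary fields and two hostile names.
const SAMPLE_ENTRIES = [
  ['email', 'user@example.com'],
  ['address.city', 'Oslo'],
  ['__proto__.isAdmin', 'true'],
  ['profile.constructor.prototype.isAdmin', 'true'],
];
```

Names collected in `rejected` are worth logging, since legitimate forms have no reason to submit such segments.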