npm package
mpath
pkg:npm/mpath
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23438 | — | < 0.8.4 | 0.8.4 | Sep 1, 2021 | This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if t | ||
| CVE-2018-16490 | — | < 0.5.1 | 0.5.1 | Feb 1, 2019 | A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. |
- CVE-2021-23438Sep 1, 2021affected < 0.8.4fixed 0.8.4
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if t
- CVE-2018-16490Feb 1, 2019affected < 0.5.1fixed 0.5.1
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.