CVE-2021-23438

Published: Sep 1, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.

Affected (1)

Products: Mpath Project: Mpath

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mpath Project Mpath	Before 0.8.4

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (6)

https://github.com/aheckmann/mpath/commit/89402d2880d4ea3518480a8c9847c541f2d824fc

Source: report@snyk.io

PatchThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579548

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JS-MPATH-1577289

Source: report@snyk.io

ExploitThird Party Advisory

https://github.com/aheckmann/mpath/commit/89402d2880d4ea3518480a8c9847c541f2d824fc

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579548

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JS-MPATH-1577289

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.