Mpath Project

mpath_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Mpath

mpath

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-23438 1Mpath Project 1Mpath Nov 21, 2024 Sep 1, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__pro...Show more This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.Show less
CVE-2018-16490 1Mpath Project 1Mpath Nov 21, 2024 Feb 1, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-23438

1Mpath Project

1Mpath

Nov 21, 2024

Sep 1, 2021

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.Show less

CVE-2018-16490

1Mpath Project

1Mpath

Nov 21, 2024

Feb 1, 2019

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.