CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.9%
A prototype pollution vulnerability has been found in object-path
<= 0.11.4 affecting the set()
method. The vulnerability is limited to the includeInheritedProps
mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of object-path
and setting the option includeInheritedProps: true
, or by using the default withInheritedProps
instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of set()
in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don’t use the includeInheritedProps: true
options or the withInheritedProps
instance if using a version >= 0.11.0.
[
{
"product": "object-path",
"vendor": "mariocasciaro",
"versions": [
{
"status": "affected",
"version": "< 0.11.5"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.9%