0.001 Low
EPSS
Percentile
41.8%
Versions of mpath before 0.5.1 are vulnerable to prototype pollution. Provided certain input mpath can add or modify properties of the Object prototype. These properties will be present on all objects.
mpath
Object
Update to version 0.5.1 or later.
0.5.1
github.com/advisories/GHSA-h466-j336-74wx
hackerone.com/reports/390860
nvd.nist.gov/vuln/detail/CVE-2018-16490
www.npmjs.com/advisories/779