Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAnonymousNODEJS:1785
HistorySep 20, 2021 - 6:58 p.m.

Type confusion

2021-09-2018:58:37
Anonymous
www.npmjs.com
45
JSON

Overview

In mpath before 0.8.4 a type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is [‘proto’]. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.

Recommendation

Upgrade to version 0.8.4 or later

References

CPENameOperatorVersion
mpathlt0.8.4

Related

veracode 1
redhatcve 1
osv 2
prion 1
cve 1
github 1
ibm 1
nessus 1
veracode
veracode
Prototype Pollution
2021-09-02 08:08:03
redhatcve
redhatcve
CVE-2021-23438
2021-09-03 13:39:09
osv
osv
Type confusion in mpath
2021-09-02 22:02:25
CVE-2021-23438
2021-09-01 19:15:07
prion
prion
Type confusion
2021-09-01 19:15:00
cve
cve
CVE-2021-23438
2021-09-01 19:15:00
github
github
Type confusion in mpath
2021-09-02 22:02:25
ibm
ibm
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
2022-08-31 20:25:04
nessus
nessus
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
2022-09-02 00:00:00
JSON
Related for NODEJS:1785
veracode1redhatcve1osv2prion1cve1github1ibm1nessus1