Lucene search
Redhat.comRH:CVE-2021-23438HistorySep 03, 2021 - 1:39 p.m.
CVE-2021-23438
2021-09-0313:39:09
redhat.com
access.redhat.com
26
0.004 Low
EPSS
Percentile
73.3%
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is [‘proto’]. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.
Related
osv
osv
Type confusion in mpath
2021-09-02 22:02:25
CVE-2021-23438
2021-09-01 19:15:07
Prototype Pollution in mpath
2019-02-07 18:17:26
cvelist
cvelist
CVE-2021-23438 Prototype Pollution
2021-09-01 00:00:00
prion
prion
Type confusion
2021-09-01 19:15:00
Buffer overflow
2019-02-01 18:29:00
cve
cve
CVE-2021-23438
2021-09-01 19:15:00
CVE-2018-16490
2019-02-01 18:29:00
github
github
Type confusion in mpath
2021-09-02 22:02:25
Prototype Pollution in mpath
2019-02-07 18:17:26
redhatcve
redhatcve
CVE-2018-16490
2019-02-04 20:49:27
veracode
veracode
Prototype Pollution
2021-09-02 08:08:03
Prototype Pollution
2019-02-04 03:43:45
nodejs
nodejs
Prototype Pollution
2019-02-06 00:59:55
Type confusion
2021-09-20 18:58:37
hackerone
hackerone
ibm
ibm
nessus
nessus
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
2022-09-02 00:00:00