This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['proto']. This is because the method that has been called if the input is an array...
9.8CVSS
7.4AI Score
0.004EPSS
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto...
7.5CVSS
7.7AI Score
0.001EPSS