The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in...
9.8CVSS
9.4AI Score
0.006EPSS
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype...
7.5CVSS
7.3AI Score
0.002EPSS
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is ['proto']. This is because.....
8.6CVSS
8.9AI Score
0.003EPSS
A prototype pollution vulnerability has been found in object-path <= 0.11.4 affecting the set() method. The vulnerability is limited to the includeInheritedProps mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of object-path and setting the o...
9.8CVSS
8.6AI Score
0.003EPSS