9 matches found
EUVD-2021-2096
Malware in sbrugna...
Type confusion
Overview In mpath before 0.8.4 a type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
Type confusion in mpath
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
Type confusion
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
CVE-2021-23438
CVE-2021-23438 affects the Node.js mpath module prior to 0.8.4. The vulnerability is a type confusion that can bypass CVE-2018-16490 by mishandling array input (using Array.prototype.indexOf instead of String.prototype.indexOf) when processing the path elements, enabling a prototype/polution-styl...
47pages-keystone (>=0.0.1 <=0.0.5), @abtnode/mongoose-nedb (=1.0.16) +1543 more potentially affected by CVE-2018-16490 via mpath (>=0.1.1 <=0.5.0)
mpath NPM version =0.1.1, =0.0.1, =0.0.1, =0.7.15, =1.0.7, =0.0.0-alpha.1, =0.0.0, =0.0.1, =2.0.8, =1.2.17, =0.7.6, =0.7.6-8 and more Source cves: CVE-2018-16490 Source advisory: OSV:GHSA-H466-J336-74WX...
CVE-2018-16490
A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16490
A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16490
CVE-2018-16490 affects the mpath npm package prior to version 0.8.4, where a prototype pollution flaw can lead to arbitrary properties being injected onto Object.prototype. The root cause is a type handling mismatch in ignoreProperties.indexOf(parts[i]); when parts[i] is proto , the code path use...