Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2096

Malware in sbrugna...

9.8CVSS7.7AI score0.01723EPSS
Exploits1References7
Node.js
Node.js
added 2021/09/20 6:58 p.m.95 views

Type confusion

Overview In mpath before 0.8.4 a type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

7.5CVSS3.4AI score0.01723EPSS
Exploits2Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 10:2 p.m.70 views

Type confusion in mpath

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

9.8CVSS7.9AI score0.01723EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2021/09/01 7:15 p.m.18 views

Type confusion

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

7.5CVSS8.5AI score0.01723EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2021/09/01 6:20 p.m.70 views

CVE-2021-23438

CVE-2021-23438 affects the Node.js mpath module prior to 0.8.4. The vulnerability is a type confusion that can bypass CVE-2018-16490 by mishandling array input (using Array.prototype.indexOf instead of String.prototype.indexOf) when processing the path elements, enabling a prototype/polution-styl...

9.8CVSS7.3AI score0.01723EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2019/02/07 6:17 p.m.4 views

47pages-keystone (>=0.0.1 <=0.0.5), @abtnode/mongoose-nedb (=1.0.16) +1543 more potentially affected by CVE-2018-16490 via mpath (>=0.1.1 <=0.5.0)

mpath NPM version =0.1.1, =0.0.1, =0.0.1, =0.7.15, =1.0.7, =0.0.0-alpha.1, =0.0.0, =0.0.1, =2.0.8, =1.2.17, =0.7.6, =0.7.6-8 and more Source cves: CVE-2018-16490 Source advisory: OSV:GHSA-H466-J336-74WX...

7.5CVSS7.2AI score0.01101EPSS
Exploits1
NVD
NVD
added 2019/02/01 6:29 p.m.22 views

CVE-2018-16490

A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

7.5CVSS6.7AI score0.01101EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/02/01 6:0 p.m.32 views

CVE-2018-16490

A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

6.7AI score0.01101EPSS
Exploits1References1
CVE
CVE
added 2019/02/01 6:0 p.m.81 views

CVE-2018-16490

CVE-2018-16490 affects the mpath npm package prior to version 0.8.4, where a prototype pollution flaw can lead to arbitrary properties being injected onto Object.prototype. The root cause is a type handling mismatch in ignoreProperties.indexOf(parts[i]); when parts[i] is proto , the code path use...

7.5CVSS7.7AI score0.01101EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder