Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2021/09/03 1:39 p.m.50 views

CVE-2021-23438

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

9.8CVSS2.5AI score0.01723EPSS
Exploits2References5
Prion
Prion
added 2021/09/01 7:15 p.m.17 views

Type confusion

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

7.5CVSS8.5AI score0.01723EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2021/09/01 6:20 p.m.28 views

CVE-2021-23438 Prototype Pollution

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

5.6CVSS8.9AI score0.01723EPSS
Exploits1References3
Snyk
Snyk
added 2021/08/31 5:53 p.m.3 views

Prototype Pollution

Overview mpath is a package that gets/sets javascript object values using MongoDB-like path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition...

9.8CVSS8.1AI score0.01723EPSS
Exploits2References2
Rows per page
Query Builder