6 matches found
EUVD-2021-2096
Malware in sbrugna...
GHSA-P92X-R36W-9395 Type confusion in mpath
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +4380 more potentially affected by CVE-2021-23438 via mpath (>=0.1.1 <=0.8.3)
mpath NPM version =0.1.1, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.3.5, =1.2.3, =0.2.0, =0.0.1, =0.1.3 and more Source cves: CVE-2021-23438 Source advisory: OSV:GHSA-P92X-R36W-9395...
Prototype Pollution
mpath is vulnerable to prototype pollution. The vulnerability exists due to the condition ignoreProperties.indexOfpartsi !== -1 giving an incorrect return value when the input is an array...
1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +4380 more potentially affected by CVE-2018-16490 +1 more via mpath (>=0.1.1 <=0.8.3)
mpath NPM version =0.1.1, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.3.5, =1.2.3, =0.2.0, =0.0.1, =0.1.3 and more Source cves: CVE-2018-16490, CVE-2021-23438 Source advisory: SNYK:JS-MPATH-1577289...
47pages-keystone (>=0.0.1 <=0.0.5), @abtnode/mongoose-nedb (=1.0.16) +1543 more potentially affected by CVE-2018-16490 via mpath (>=0.1.1 <=0.5.0)
mpath NPM version =0.1.1, =0.0.1, =0.0.1, =0.7.15, =1.0.7, =0.0.0-alpha.1, =0.0.0, =0.0.1, =2.0.8, =1.2.17, =0.7.6, =0.7.6-8 and more Source cves: CVE-2018-16490 Source advisory: OSV:GHSA-H466-J336-74WX...