EUVD-2021-2096

Malware in sbrugna...

1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +4380 more potentially affected by CVE-2021-23438 via mpath (>=0.1.1 <=0.8.3)

mpath NPM version =0.1.1, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.3.5, =1.2.3, =0.2.0, =0.0.1, =0.1.3 and more Source cves: CVE-2021-23438 Source advisory: OSV:GHSA-P92X-R36W-9395...

GHSA-P92X-R36W-9395 Type confusion in mpath

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

Prototype Pollution

mpath is vulnerable to prototype pollution. The vulnerability exists due to the condition ignoreProperties.indexOfpartsi !== -1 giving an incorrect return value when the input is an array...

1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +4380 more potentially affected by CVE-2018-16490 +1 more via mpath (>=0.1.1 <=0.8.3)

mpath NPM version =0.1.1, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.3.5, =1.2.3, =0.2.0, =0.0.1, =0.1.3 and more Source cves: CVE-2018-16490, CVE-2021-23438 Source advisory: SNYK:JS-MPATH-1577289...

47pages-keystone (>=0.0.1 <=0.0.5), @abtnode/mongoose-nedb (=1.0.16) +1542 more potentially affected by CVE-2018-16490 via mpath (>=0.1.1 <=0.5.0)

mpath NPM version =0.1.1, =0.0.1, =0.0.1, =0.7.15, =1.0.7, =0.0.0-alpha.1, =0.0.0, =0.0.1, =2.0.8, =1.2.17, =0.7.6, =0.7.6-8 and more Source cves: CVE-2018-16490 Source advisory: OSV:GHSA-H466-J336-74WX...