Lucene search

K

Mpath Security Vulnerabilities

cve
cve

CVE-2018-16490

A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

7.5CVSS

7.7AI Score

0.001EPSS

2019-02-01 06:29 PM
55
cve
cve

CVE-2021-23438

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['proto ']. This is because the method that has been called if the input is an array i...

9.8CVSS

7.4AI Score

0.006EPSS

2021-09-01 07:15 PM
44