A prototype pollution vulnerability has been found in object-path <= 0.11.4 affecting the set() method. The vulnerability is limited to the includeInheritedProps mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of object-path and setting the o...
9.8CVSS
8.5AI Score
0.003EPSS
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto ' returns false if currentPath is ['proto ']. This is because...
8.6CVSS
8.9AI Score
0.007EPSS
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
7.5CVSS
7.3AI Score
0.003EPSS