Object-path Security Vulnerabilities and Issues — Object-path CVE List

Lucene search

Object-path ProjectObject-path

3 matches found

CVE•added 2021/08/27 5:15 p.m.•180 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto ' returns false if currentPath is ['proto ']. This is because...

8.6CVSS7.2AI score0.00311EPSS

CVE•added 2020/10/19 10:15 p.m.•168 views

CVE-2020-15256

A prototype pollution vulnerability has been found in object-path = 0.11.0 is used), which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is no...

9.8CVSS6.8AI score0.00311EPSS

CVE•added 2021/09/17 6:15 a.m.•132 views

CVE-2021-3805

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

7.5CVSS7.4AI score0.00113EPSS