Object-path Security Vulnerabilities and Issues — Object-path CVE List

Object-path ProjectObject-path

3 matches found

CVE•added 2021/08/27 4:50 p.m.•200 views

CVE-2021-23434

The CVE-2021-23434 entry concerns the Node.js object-path package (versions before 0.11.6) with a type confusion vulnerability that can bypass the CVE-2020-15256 fix when path components are arrays. The condition currentPath === 'proto ' fails for currentPath = ['proto '], enabling potential expl...

8.6CVSS7.2AI score0.0039EPSS

CVE•added 2020/10/19 9:25 p.m.•188 views

CVE-2020-15256

The CVE-2020-15256 issue concerns the Node.js object-path library where prototype pollution can occur in set() when includeInheritedProps is enabled or using the withInheritedProps instance. Affected versions are

9.8CVSS6.8AI score0.00163EPSS

CVE•added 2021/09/17 12:0 a.m.•150 views

CVE-2021-3805

CVE-2021-3805 concerns the Node.js library object-path , vulnerable to a prototype pollution flaw. The Root Cause cited in multiple sources is improper modification of Object.prototype attributes, specifically via the del() function when using inherited props (includeInheritedProps). Several conn...

7.5CVSS7.4AI score0.0065EPSS