Описание
Prototype Pollution in mpath
Versions of mpath before 0.5.1 are vulnerable to prototype pollution. Provided certain input mpath can add or modify properties of the Object prototype. These properties will be present on all objects.
Recommendation
Update to version 0.5.1 or later.
Пакеты
Наименование
mpath
npm
Затронутые версииВерсия исправления
< 0.5.1
0.5.1
Связанные уязвимости
CVSS3: 4.2
redhat
около 7 лет назад
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
CVSS3: 7.5
nvd
около 7 лет назад
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.