Description
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if currentPath is `['__proto__']`. This is because the `===` operator always returns false when the operands are of different types.
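The comparison described above, next to a check that normalises the component first, as an added example (not object-path's own code). The function names and the blocked-key set are assumptions of this example, and the sample inputs are constructed.

```javascript
'use strict';

// Keys this example refuses to traverse (the set is the example's choice).
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Check shaped like the one quoted in the advisory: strict equality on the
// raw path component. An array operand is never === to a string.
function isBlockedNaive(component) {
  return component === '__proto__';
}

// Property access coerces a non-symbol key to a string, so the guard has to
// compare the same value the engine will use as the key.
function toPropertyKey(component) {
  return typeof component === 'symbol' ? component : String(component);
}

function isBlockedHardened(component) {
  const key = toPropertyKey(component);
  return typeof key === 'string' && BLOCKED.has(key);
}

// Read-only probe: does obj[component] land on Object.prototype?
// Nothing is written, so no prototype is modified.
function resolvesToPrototype(component) {
  const probe = {};
  return probe[component] === Object.prototype;
}

// Summarise how both guards treat one path component.
function audit(component) {
  return {
    naive: isBlockedNaive(component),
    hardened: isBlockedHardened(component),
    reachesPrototype: resolvesToPrototype(component),
  };
}

// Constructed sample components.
for (const c of ['name', '__proto__', ['__proto__'], [['__proto__']]]) {
  console.log(JSON.stringify(c), audit(c));
}
```

Any component where `reachesPrototype` is true and the guard returns false is one the guard fails to stop.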
| Release | Status | Note |
|---|---|---|
| bionic | released | 0.11.3-1ubuntu0.1 |
| devel | needs-triage | |
| esm-apps/bionic | released | 0.11.3-1ubuntu0.1 |
| esm-apps/focal | released | 0.11.4-2ubuntu0.1 |
| esm-apps/jammy | not-affected | 0.11.7-1 |
| esm-apps/noble | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| focal | released | 0.11.4-2ubuntu0.1 |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
CVSS2: 7.5 High
CVSS3: 5.6 Medium
Related vulnerabilities
A vulnerability in the Node Object-path module caused by data type conversion errors, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service