Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23438 | 1 Mpath Project | 1 Mpath | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input. | |||||
| CVE-2018-16490 | 1 Mpath Project | 1 Mpath | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||