GHSA-h466-j336-74wx

Suggest an improvement
Source
https://github.com/advisories/GHSA-h466-j336-74wx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-h466-j336-74wx/GHSA-h466-j336-74wx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h466-j336-74wx
Aliases
  • CVE-2018-16490
Published
2019-02-07T18:17:26Z
Modified
2023-11-08T04:00:00.932917Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Prototype Pollution in mpath
Details

Versions of mpath before 0.5.1 are vulnerable to prototype pollution. Provided certain input mpath can add or modify properties of the Object prototype. These properties will be present on all objects.

Recommendation

Update to version 0.5.1 or later.

Database specific 
{
    "github_reviewed_at": "2020-06-16T21:38:42Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-1321",
        "CWE-400"
    ],
    "github_reviewed": true,
    "nvd_published_at": null
}
References

Affected packages

npm / mpath

Package

Name
mpath
View open source insights on deps.dev
Purl
pkg:npm/mpath

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.1

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-h466-j336-74wx/GHSA-h466-j336-74wx.json"