Vulnerabilities (CVE)

Filtered by vendor Object-path Project Subscribe

Filtered by product Object-path

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-3805	1 Object-path Project	1 Object-path	2022-07-29	5.0 MEDIUM	7.5 HIGH
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23434	1 Object-path Project	1 Object-path	2021-10-04	7.5 HIGH	8.6 HIGH
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.