Search CVE reports
1 – 3 of 3 results
CVE-2021-3805
Medium prioritySome fixes available 2 of 8
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
1 affected package
node-object-path
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-object-path | Needs evaluation | Not affected | Fixed | Fixed | Ignored |
CVE-2021-23434
Medium prioritySome fixes available 2 of 8
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath ===...
1 affected package
node-object-path
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-object-path | Needs evaluation | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15256
Low prioritySome fixes available 2 of 3
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be...
1 affected package
node-object-path
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-object-path | — | Not affected | Fixed | Fixed | Not in release |