Mpath ProjectCVEs & Vulnerabilities
2 CVEs affecting Mpath Project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
mpath 2
CVE-2021-23438CRITICAL
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.
1 Sep 2021
9.8
CVSS
CVE-2018-16490HIGH
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
1 Feb 2019
7.5
CVSS
← PrevPage 1 / 1Next →