mpath@0.5.1 vulnerabilities
{G,S}et object values using MongoDB-like path notation
-
latest version
0.9.0
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
2 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the mpath package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
mpath is a package that gets/sets javascript object values using MongoDB-like path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition PoC
How to fix Prototype Pollution? Upgrade |
<0.8.4
|