Lucene search
GoogleOSV:GHSA-P92X-R36W-9395HistorySep 02, 2021 - 10:02 p.m.
Type confusion in mpath
2021-09-0222:02:25
Google
osv.dev
22
0.004 Low
EPSS
Percentile
74.9%
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.
References
Related
redhatcve
redhatcve
CVE-2021-23438
2021-09-03 13:39:09
CVE-2018-16490
2019-02-04 20:49:27
nvd
nvd
CVE-2021-23438
2021-09-01 19:15:07
CVE-2018-16490
2019-02-01 18:29:01
cve
cve
CVE-2021-23438
2021-09-01 19:15:07
CVE-2018-16490
2019-02-01 18:29:01
prion
prion
Type confusion
2021-09-01 19:15:00
Buffer overflow
2019-02-01 18:29:00
github
github
Type confusion in mpath
2021-09-02 22:02:25
Prototype Pollution in mpath
2019-02-07 18:17:26
osv
osv
CVE-2021-23438
2021-09-01 19:15:07
Prototype Pollution in mpath
2019-02-07 18:17:26
cvelist
cvelist
CVE-2021-23438 Prototype Pollution
2021-09-01 00:00:00
CVE-2018-16490
2019-02-01 18:00:00
veracode
veracode
Prototype Pollution
2021-09-02 08:08:03
Prototype Pollution
2019-02-04 03:43:45
nodejs
nodejs
Prototype Pollution
2019-02-06 00:59:55
Type confusion
2021-09-20 18:58:37
hackerone
hackerone
ibm
ibm
nessus
nessus
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
2022-09-02 00:00:00