Description
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
References (3)
Core 3
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html
Patch, Third Party Advisory
https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
Exploit, Issue Tracking, Patch, Third Party Advisory
https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
Scores
CVSS v3
7.5
EPSS
0.0065
EPSS Percentile
70.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-1321
Status
published
Products (3)
debian/debian_linux
10.0
npm/object-path
0 - 0.11.8npm
object-path_project/object-path
< 0.11.8
Published
Sep 17, 2021
Tracked Since
Feb 18, 2026