org.webjars.npm:pathval@1.1.0 vulnerabilities

2.0.0

8 years ago

1 years ago

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:pathval package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Prototype Pollution org.webjars.npm:pathval is an Object value retrieval given a string path Affected versions of this package are vulnerable to Prototype Pollution. PoC `var pathval = require('pathval'); var obj = {}; pathval.setPathValue(obj, '__proto__.polluted', true); console.log(polluted); // true` How to fix Prototype Pollution? Upgrade `org.webjars.npm:pathval` to version 2.0.0 or higher.	[,2.0.0)

org.webjars.npm:pathval is an Object value retrieval given a string path

Affected versions of this package are vulnerable to Prototype Pollution.

var pathval = require('pathval');

var obj = {};
pathval.setPathValue(obj, '__proto__.polluted', true);

console.log(polluted); // true

How to fix Prototype Pollution?

Upgrade org.webjars.npm:pathval to version 2.0.0 or higher.

[,2.0.0)