mpath 0.4.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mpath package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Prototype Pollution mpath is a package that gets/sets javascript object values using MongoDB-like path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition `ignoreProperties.indexOf(parts[i]) !== -1` returns `-1` if `parts[i]` is `['__proto__']`. This is because the method that has been called if the input is an array is `Array.prototype.indexOf()` and not `String.prototype.indexOf()`. They behave differently depending on the type of the input. PoC `const mpath = require('mpath'); // mpath.set(['__proto__', 'polluted'], 'yes', {}); // console.log(polluted); // ReferenceError: polluted is not defined mpath.set([['__proto__'], 'polluted'], 'yes', {}); console.log(polluted); // yes` How to fix Prototype Pollution? Upgrade `mpath` to version 0.8.4 or higher.	<0.8.4
H Prototype Pollution mpath is a package that gets/sets javascript object values using MongoDB-like path notation. Affected versions of this package are vulnerable to Prototype Pollution. An attacker could specify a path that include the prototype object, and thus overwrite important properties on Object.prototype or add new ones. How to fix Prototype Pollution? Upgrade `mpath` to version 0.5.1 or higher.	>=0.3.0 <0.5.1

Vulnerability

Vulnerable Version

Prototype Pollution

mpath is a package that gets/sets javascript object values using MongoDB-like path notation.

Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.

PoC

const mpath = require('mpath');
// mpath.set(['__proto__', 'polluted'], 'yes', {});
// console.log(polluted); // ReferenceError: polluted is not defined

mpath.set([['__proto__'], 'polluted'], 'yes', {});
console.log(polluted); // yes

How to fix Prototype Pollution?

Upgrade mpath to version 0.8.4 or higher.

<0.8.4

Prototype Pollution

mpath is a package that gets/sets javascript object values using MongoDB-like path notation.

Affected versions of this package are vulnerable to Prototype Pollution. An attacker could specify a path that include the prototype object, and thus overwrite important properties on Object.prototype or add new ones.

How to fix Prototype Pollution?

Upgrade mpath to version 0.5.1 or higher.

>=0.3.0 <0.5.1

mpath@0.4.0 vulnerabilities

{G,S}et object values using MongoDB-like path notation

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically

PoC