Prototype Pollution in mpath
moderate severity
Published
Feb 7, 2019
•
Updated Jan 8, 2021
Package
mpath
(npm)
Affected versions
< 0.5.1
Patched versions
0.5.1
Description
CVE ID
CVE-2018-16490
Versions of
mpath
before 0.5.1 are vulnerable to prototype pollution. Provided certain inputmpath
can add or modify properties of theObject
prototype. These properties will be present on all objects.Recommendation
Update to version
0.5.1
or later.References