Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
object-path 安全漏洞
Vulnerability Description
object-path是个人开发者的一个可以通过路径访问数据结构中变量的 Npm 库。 object-path 0.11.6之前版本存在安全漏洞,该漏洞源于当path参数中使用的路径组件是阵列时会导致类型混淆漏洞。
CVSS Information
N/A
Vulnerability Type
N/A