object-path

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting object-pathpage 1 of 1

CVE-2020-15256HIGHCVSS 7.7EG 7.7✓ Fixed in 0.11.5
2020-10-19
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled…
CVE-2021-23434MEDIUMCVSS 5.6EG 5.6✓ Fixed in 0.11.6
2021-08-27
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto…
CVE-2021-3805HIGHCVSS 7.5EG 7.5✓ Fixed in 0.11.8
2021-09-17
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Check whether object-path is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for object-path CVEs against the assets you own.

Start Free Scan →