Prototype Pollution in mpath
moderate severity
Published
Feb 7, 2019
•
Updated Jan 8, 2021
Package
mpath
(npm)
Affected versions
< 0.5.1
Patched versions
0.5.1
Description
CVE ID
CVE-2018-16490
Versions of
mpathbefore 0.5.1 are vulnerable to prototype pollution. Provided certain inputmpathcan add or modify properties of theObjectprototype. These properties will be present on all objects.Recommendation
Update to version
0.5.1or later.References