Description

A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

Remediation

References

https://hackerone.com/reports/390860

Related Vulnerabilities

CVE-2023-26144 Vulnerability in npm package graphql

CVE-2023-29207 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-skin-resources

CVE-2022-0613 Vulnerability in npm package urijs

CVE-2020-24855 Vulnerability in npm package @easy-team/easywebpack-cli

CVE-2022-24881 Vulnerability in maven package com.hccake:ballcat-codegen

Severity

High

Classification

CWE-74 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Issue Tracking Exploit Third Party Advisory