Vulnerability Details : CVE-2021-23438
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.
Products affected by CVE-2021-23438
- cpe:2.3:a:mpath_project:mpath:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-23438
0.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-23438
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
5.6
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
2.2
|
3.4
|
Snyk |
CWE ids for CVE-2021-23438
-
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-23438
-
https://snyk.io/vuln/SNYK-JS-MPATH-1577289
Prototype Pollution in mpath | SnykExploit;Third Party Advisory
-
https://github.com/aheckmann/mpath/commit/89402d2880d4ea3518480a8c9847c541f2d824fc
fix: throw error if `parts` contains an element that isn't a string o… · aheckmann/mpath@89402d2 · GitHubPatch;Third Party Advisory
-
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579548
Prototype Pollution in org.webjars.npm:mpath | SnykExploit;Third Party Advisory
Jump to