Search for packages
| purl | pkg:npm/object-path@0.1.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-tfvr-s17c-37b8
Aliases: CVE-2020-15256 GHSA-cwx2-736x-mf6w |
Improper Input Validation A prototype pollution vulnerability has been found in `object-path` don't use the `includeInheritedProps: true` options or the `withInheritedProps`. |
Affected by 2 other vulnerabilities. |
|
VCID-z9ah-tgha-9ufh
Aliases: CVE-2021-23434 GHSA-v39p-96qg-c8rf |
Access of Resource Using Incompatible Type (Type Confusion) A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if `currentPath is ['__proto__']`. This is because the `===` operator returns always false when the type of the operands is different. |
Affected by 1 other vulnerability. |
|
VCID-zd62-yudh-67hg
Aliases: CVE-2021-3805 GHSA-8v63-cqqc-6r2c |
Improperly Controlled Modification of Dynamically-Determined Object Attributes object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T00:59:38.497208+00:00 | GitLab Importer | Affected by | VCID-zd62-yudh-67hg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2021-3805.yml | 38.6.0 |
| 2026-06-06T00:57:10.976049+00:00 | GitLab Importer | Affected by | VCID-z9ah-tgha-9ufh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2021-23434.yml | 38.6.0 |
| 2026-06-04T20:40:05.348954+00:00 | GitLab Importer | Affected by | VCID-tfvr-s17c-37b8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2020-15256.yml | 38.6.0 |