VulnerableCode Package Details - pkg:npm/object-path@0.11.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-9q81-cy5p-1qhy Aliases: CVE-2021-23434 GHSA-v39p-96qg-c8rf	This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.	0.11.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ccrg-rtde-g3aa Aliases: CVE-2021-3805 GHSA-8v63-cqqc-6r2c	object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	0.11.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9q81-cy5p-1qhy
Aliases:
CVE-2021-23434
GHSA-v39p-96qg-c8rf

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.

0.11.6
Affected by 1 other vulnerability.

VCID-ccrg-rtde-g3aa
Aliases:
CVE-2021-3805
GHSA-8v63-cqqc-6r2c

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

0.11.8
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dppv-9ef8-ffhx	Prototype pollution in object-path	CVE-2020-15256 GHSA-cwx2-736x-mf6w

Vulnerability

Summary

Aliases

VCID-dppv-9ef8-ffhx

Prototype pollution in object-path

CVE-2020-15256
GHSA-cwx2-736x-mf6w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T17:48:08.826105+00:00	GitLab Importer	Affected by	VCID-ccrg-rtde-g3aa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2021-3805.yml	38.6.0
2026-06-12T17:46:53.515085+00:00	GitLab Importer	Affected by	VCID-9q81-cy5p-1qhy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2021-23434.yml	38.6.0
2026-06-12T17:28:50.406651+00:00	GitLab Importer	Fixing	VCID-dppv-9ef8-ffhx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2020-15256.yml	38.6.0
2026-06-12T08:00:35.009251+00:00	GithubOSV Importer	Fixing	VCID-dppv-9ef8-ffhx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-cwx2-736x-mf6w/GHSA-cwx2-736x-mf6w.json	38.6.0
2026-06-11T20:27:04.743322+00:00	GHSA Importer	Fixing	VCID-dppv-9ef8-ffhx	https://github.com/advisories/GHSA-cwx2-736x-mf6w	38.6.0