Search for packages
| purl | pkg:npm/object-path@0.11.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-zd62-yudh-67hg
Aliases: CVE-2021-3805 GHSA-8v63-cqqc-6r2c |
Improperly Controlled Modification of Dynamically-Determined Object Attributes object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-z9ah-tgha-9ufh | Access of Resource Using Incompatible Type (Type Confusion) A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if `currentPath is ['__proto__']`. This is because the `===` operator returns always false when the type of the operands is different. |
CVE-2021-23434
GHSA-v39p-96qg-c8rf |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-07T20:47:18.416825+00:00 | GHSA Importer | Fixing | VCID-z9ah-tgha-9ufh | https://github.com/advisories/GHSA-v39p-96qg-c8rf | 38.6.0 |
| 2026-06-06T00:59:38.596821+00:00 | GitLab Importer | Affected by | VCID-zd62-yudh-67hg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2021-3805.yml | 38.6.0 |
| 2026-06-04T17:27:27.980071+00:00 | GithubOSV Importer | Fixing | VCID-z9ah-tgha-9ufh | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-v39p-96qg-c8rf/GHSA-v39p-96qg-c8rf.json | 38.6.0 |
| 2026-06-02T04:39:55.157610+00:00 | GitLab Importer | Fixing | VCID-z9ah-tgha-9ufh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/object-path/CVE-2021-23434.yml | 38.6.0 |