Lookup for vulnerable packages by Package URL.

Purl pkg:npm/object-path@0.1.2
Type npm
Namespace
Name object-path
Version 0.1.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.11.8
Latest_non_vulnerable_version 0.11.8
Affected_by_vulnerabilities
0
url VCID-tfvr-s17c-37b8
vulnerability_id VCID-tfvr-s17c-37b8
summary
Improper Input Validation
A prototype pollution vulnerability has been found in `object-path`. Don't use the `includeInheritedProps: true` option or `withInheritedProps`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15256.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15256.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15256
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.36944
published_at 2026-06-08T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.36918
published_at 2026-06-04T12:55:00Z
2
value 0.00163
scoring_system epss
scoring_elements 0.37009
published_at 2026-06-05T12:55:00Z
3
value 0.00163
scoring_system epss
scoring_elements 0.37016
published_at 2026-06-06T12:55:00Z
4
value 0.00163
scoring_system epss
scoring_elements 0.36982
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15256
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15256
3
reference_url https://github.com/mariocasciaro/object-path
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path
4
reference_url https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68
5
reference_url https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1902267
reference_id 1902267
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1902267
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15256
reference_id CVE-2020-15256
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15256
8
reference_url https://github.com/advisories/GHSA-cwx2-736x-mf6w
reference_id GHSA-cwx2-736x-mf6w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cwx2-736x-mf6w
9
reference_url https://usn.ubuntu.com/5967-1/
reference_id USN-5967-1
reference_type
scores
url https://usn.ubuntu.com/5967-1/
fixed_packages
0
url pkg:npm/object-path@0.11.5
purl pkg:npm/object-path@0.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z9ah-tgha-9ufh
1
vulnerability VCID-zd62-yudh-67hg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/object-path@0.11.5
aliases CVE-2020-15256, GHSA-cwx2-736x-mf6w
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfvr-s17c-37b8
1
url VCID-z9ah-tgha-9ufh
vulnerability_id VCID-z9ah-tgha-9ufh
summary
Access of Resource Using Incompatible Type (Type Confusion)
A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if `currentPath` is `['__proto__']`. This is because the `===` operator always returns false when its operands have different types.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23434.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23434.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23434
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.60413
published_at 2026-06-08T12:55:00Z
1
value 0.0039
scoring_system epss
scoring_elements 0.60391
published_at 2026-06-04T12:55:00Z
2
value 0.0039
scoring_system epss
scoring_elements 0.60438
published_at 2026-06-05T12:55:00Z
3
value 0.0039
scoring_system epss
scoring_elements 0.60441
published_at 2026-06-06T12:55:00Z
4
value 0.0039
scoring_system epss
scoring_elements 0.6043
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23434
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434
3
reference_url https://github.com/mariocasciaro/object-path
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path
4
reference_url https://github.com/mariocasciaro/object-path#0116
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path#0116
5
reference_url https://github.com/mariocasciaro/object-path%230116
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path%230116
6
reference_url https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
7
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html
8
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423
9
reference_url https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999810
reference_id 1999810
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999810
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23434
reference_id CVE-2021-23434
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23434
12
reference_url https://github.com/advisories/GHSA-v39p-96qg-c8rf
reference_id GHSA-v39p-96qg-c8rf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v39p-96qg-c8rf
13
reference_url https://access.redhat.com/errata/RHSA-2021:3925
reference_id RHSA-2021:3925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3925
14
reference_url https://usn.ubuntu.com/5967-1/
reference_id USN-5967-1
reference_type
scores
url https://usn.ubuntu.com/5967-1/
fixed_packages
0
url pkg:npm/object-path@0.11.6
purl pkg:npm/object-path@0.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zd62-yudh-67hg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/object-path@0.11.6
aliases CVE-2021-23434, GHSA-v39p-96qg-c8rf
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9ah-tgha-9ufh
2
url VCID-zd62-yudh-67hg
vulnerability_id VCID-zd62-yudh-67hg
summary
Improperly Controlled Modification of Dynamically-Determined Object Attributes
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3805.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3805.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3805
reference_id
reference_type
scores
0
value 0.0065
scoring_system epss
scoring_elements 0.71227
published_at 2026-06-08T12:55:00Z
1
value 0.0065
scoring_system epss
scoring_elements 0.71212
published_at 2026-06-04T12:55:00Z
2
value 0.0065
scoring_system epss
scoring_elements 0.71256
published_at 2026-06-05T12:55:00Z
3
value 0.0065
scoring_system epss
scoring_elements 0.71262
published_at 2026-06-06T12:55:00Z
4
value 0.0065
scoring_system epss
scoring_elements 0.71242
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3805
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3805
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3805
3
reference_url https://github.com/mariocasciaro/object-path
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path
4
reference_url https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884
5
reference_url https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
6
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2006397
reference_id 2006397
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2006397
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3805
reference_id CVE-2021-3805
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3805
9
reference_url https://github.com/advisories/GHSA-8v63-cqqc-6r2c
reference_id GHSA-8v63-cqqc-6r2c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v63-cqqc-6r2c
10
reference_url https://access.redhat.com/errata/RHSA-2021:3925
reference_id RHSA-2021:3925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3925
11
reference_url https://usn.ubuntu.com/5967-1/
reference_id USN-5967-1
reference_type
scores
url https://usn.ubuntu.com/5967-1/
fixed_packages
0
url pkg:npm/object-path@0.11.8
purl pkg:npm/object-path@0.11.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/object-path@0.11.8
aliases CVE-2021-3805, GHSA-8v63-cqqc-6r2c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd62-yudh-67hg
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/object-path@0.1.2