npm

Severity: moderate

Prototype Pollution

mpath

Overview

Versions of mpath before 0.5.1 are vulnerable to prototype pollution. Provided certain input mpath can add or modify properties of the Object prototype. These properties will be present on all objects.

Remediation

Update to version 0.5.1 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Feb 6th, 2019