This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.
Metrics
Affected Vendors & Products
References
History
Sun, 08 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.2::el7 |
Mon, 19 Aug 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs |
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2021-08-27T16:50:13.019035Z
Updated: 2024-09-16T16:48:40.220Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23434
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-27T17:15:06.910
Modified: 2024-11-21T05:51:45.147
Link: CVE-2021-23434
Redhat