PT-2019-9312 · Mpath · Mpath

Cris_Semmle

Published

2019-02-01

Updated

2021-09-02

CVE-2018-16490

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions mpath versions prior to 0.5.1

Description A prototype pollution issue allows an attacker to inject arbitrary properties onto Object.prototype given certain input to mpath. This results in the added or modified properties being present on all objects.

Recommendations Update to version 0.5.1 or later.

Exploit

Fix

Special Elements Injection

Prototype Pollution

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-1321CWE-400

Related Identifiers

CVE-2018-16490

GHSA-H466-J336-74WX

Affected Products

Mpath

PT-2019-9312 · Mpath · Mpath

CVE-2018-16490

Weakness Enumeration

Related Identifiers

Affected Products

References · 7