UbuntuUpdates.org

Package "node-object-path"

Name: node-object-path

Description:

Access deep object properties using a path

Latest version: 0.11.4-2ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://github.com/mariocasciaro/object-path

Other versions of "node-object-path" in Focal

Repository  Area      Version
base        universe  0.11.4-2
updates     universe  0.11.4-2ubuntu0.1

Changelog

Version: 0.11.4-2ubuntu0.1 2023-03-21 21:06:52 UTC

  node-object-path (0.11.4-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Improper Input Validation
    - debian/patches/CVE-2020-15256.diff: Fix prototype pollution in set()
    - debian/patches/CVE-2021-23434.patch: Fix prototype pollution when path
      components are not strings.
    - debian/patches/CVE-2021-3805.patch: Fix prototype pollution
      vulnerability.
    - CVE-2020-15256
    - CVE-2021-3805
    - CVE-2021-23434

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 16 Mar 2023 11:18:54 -0300

CVE-2020-15256: A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `incl
CVE-2021-23434: This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components us
CVE-2021-3805: object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')


