Prototype Pollution Vulnerability in mpath Module by Unknown Vendor
CVE-2018-16490

7.5HIGH

Key Information:

Vendor: Hackerone
Status: Mpath
Vendor: CVE Published:; 1 February 2019

What is CVE-2018-16490?

The mpath module has a prototype pollution vulnerability that could allow an attacker to manipulate Object.prototype by injecting arbitrary properties. This could lead to unpredictable behavior in applications that utilize this module, making it crucial for developers to apply the latest updates and harden their systems against such attacks.

Affected Version(s)

mpath <0.5.1

References

https://hackerone.com/reports/390860

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2019
Vulnerability Reserved
Sep 4, 2018

Hackerone

What is CVE-2018-16490?

Affected Version(s)

References

CVSS V3.1

Timeline