{"id":2128595,"name":"object-path","ecosystem":"npm","description":"Access deep object properties using a path","homepage":"https://github.com/mariocasciaro/object-path","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/mariocasciaro/object-path","keywords_array":["deep","path","access","bean","get","property","dot","prop","object","obj","notation","segment","value","nested","key"],"namespace":null,"versions_count":27,"first_release_published_at":"2013-09-20T01:00:44.619Z","latest_release_published_at":"2021-09-16T11:00:37.576Z","latest_release_number":"0.11.8","last_synced_at":"2026-06-01T02:01:13.514Z","created_at":"2022-04-09T21:23:22.573Z","updated_at":"2026-06-01T02:01:13.515Z","registry_url":"https://www.npmjs.com/package/object-path","install_command":"npm install object-path","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"0.11.8"}},"repo_metadata":{"id":10714354,"uuid":"12963022","full_name":"mariocasciaro/object-path","owner":"mariocasciaro","description":"A tiny JavaScript utility to access deep properties using a path (for Node and the Browser)","archived":false,"fork":false,"pushed_at":"2023-01-06T15:12:32.000Z","size":432,"stargazers_count":1047,"open_issues_count":35,"forks_count":84,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-04-12T22:58:58.269Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mariocasciaro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2013-09-20T01:00:11.000Z","updated_at":"2024-03-24T16:01:29.000Z","dependencies_parsed_at":"2023-01-13T16:06:35.838Z","dependency_job_id":null,"html_url":"https://github.com/mariocasciaro/object-path","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mariocasciaro","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":217735328,"owners_count":16222254,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"mariocasciaro","name":"Mario Casciaro","uuid":"105319","kind":"user","description":"CTO @D4H • Author of Node.js Design Patterns (https://nodejsdp.link/buy)","email":"","website":null,"location":"Dublin, Ireland","twitter":"mariocasciaro","company":null,"icon_url":"https://avatars.githubusercontent.com/u/105319?u=3e65d5f4a17da93efb457f9e09ed5acb42436b89\u0026v=4","repositories_count":41,"last_synced_at":"2024-04-14T06:40:06.108Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/mariocasciaro","funding_links":[],"total_stars":1859,"followers":273,"following":20,"created_at":"2022-11-02T16:21:24.812Z","updated_at":"2024-04-14T06:40:14.055Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mariocasciaro","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mariocasciaro/repositories"},"tags":[{"name":"v0.11.8","sha":"e6bb638ffdd431176701b3e9024f80050d0ef0a6","kind":"tag","published_at":"2021-09-16T11:00:33.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.11.8","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.11.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.8/manifests"},{"name":"v0.11.7","sha":"43a926f5bcba44e522456b0e2b4b341de32c4a19","kind":"tag","published_at":"2021-08-27T14:48:36.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.11.7","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.11.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.7/manifests"},{"name":"v0.11.6","sha":"94f92d8932fce12eeff853116646160477c6ce11","kind":"tag","published_at":"2021-08-27T14:39:11.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.11.6","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.11.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.6/manifests"},{"name":"v0.11.0","sha":"c3f8c68a1fd0504bb59c1f6ceca7ed8e0a63ef4b","kind":"tag","published_at":"2016-06-29T11:17:22.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.11.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.11.0/manifests"},{"name":"v0.10.0","sha":"4bd4bbf06844a18cbc306f201f9ce4ad617b470f","kind":"tag","published_at":"2016-06-28T14:17:52.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.10.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.10.0/manifests"},{"name":"v0.9.3","sha":"aa0875700813b5e96dc8963c16a27a603c032d5d","kind":"commit","published_at":"2015-04-17T17:38:09.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.9.3","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.3/manifests"},{"name":"v0.9.2","sha":"3f1e4ea93b9eef77236f0a3dce73dfcf89c780c0","kind":"tag","published_at":"2015-04-16T08:50:15.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.9.2","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.2/manifests"},{"name":"v0.9.1","sha":"c79090a068ddc8647b4af2d381f2d4b854f9367c","kind":"tag","published_at":"2015-03-19T13:28:14.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.9.1","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.1/manifests"},{"name":"v0.9.0","sha":"4894644d9b8446aa6c93540c52473bd8982ea7f0","kind":"tag","published_at":"2015-01-29T10:08:07.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.9.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.9.0/manifests"},{"name":"v0.8.1","sha":"57e379d14a32cd04c597f63182e7d54b695f9415","kind":"tag","published_at":"2014-11-26T13:51:48.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.8.1","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.8.1/manifests"},{"name":"v0.8.0","sha":"470993c54691c77decb667c3fd068fb76bd088be","kind":"tag","published_at":"2014-11-20T10:28:49.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.8.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.8.0/manifests"},{"name":"v0.7.0","sha":"74732640218c6da9f75185f3f1bd79539ce23e54","kind":"tag","published_at":"2014-11-17T10:40:11.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.7.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.7.0/manifests"},{"name":"v0.6.0","sha":"be8e17ce434b04d63399779c0a5dc478f7c7c605","kind":"commit","published_at":"2014-07-15T17:01:08.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.6.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.6.0/manifests"},{"name":"v0.5.1","sha":"e9b9d90331372b63f2e852114327ef2ed435fd10","kind":"commit","published_at":"2014-07-09T07:29:29.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.5.1","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.5.1/manifests"},{"name":"v0.5.0","sha":"112e27e5b070429c627c3689182574b212053072","kind":"tag","published_at":"2014-05-24T14:29:07.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.5.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.5.0/manifests"},{"name":"v0.4.0","sha":"32a0feb59307bfd2870acc8e9ca14ded14c72037","kind":"tag","published_at":"2014-05-17T22:16:48.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.4.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.4.0/manifests"},{"name":"v0.3.0","sha":"9cf06f2bdbbbb71049c5b3a577c466f5f5e597bf","kind":"commit","published_at":"2014-04-22T18:14:31.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.3.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.3.0/manifests"},{"name":"v0.2.1","sha":"321b8754f0560834ccf260552f5d3f4c35c511f0","kind":"tag","published_at":"2014-04-15T17:33:43.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.2.1","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.2.1/manifests"},{"name":"v0.2.0","sha":"333b8e9a98e8e0c213a532ec392e2fb611ca53ad","kind":"tag","published_at":"2014-04-14T20:58:52.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.2.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.2.0/manifests"},{"name":"v0.1.3","sha":"98c0096d7977fc299000f03094a5d1c6901c5331","kind":"tag","published_at":"2014-04-02T18:54:07.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.1.3","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.1.3/manifests"},{"name":"v0.1.2","sha":"f61f03fa0bdd8e03b7f296dab85ac4a6242d5cd9","kind":"tag","published_at":"2013-11-11T19:51:15.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.1.2","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.1.2/manifests"},{"name":"v0.1.0","sha":"169f3cf6a218fcfecf79b622a2f6e1c75873aefd","kind":"tag","published_at":"2013-09-23T17:47:28.000Z","download_url":"https://codeload.github.com/mariocasciaro/object-path/tar.gz/v0.1.0","html_url":"https://github.com/mariocasciaro/object-path/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2024-09-07T20:55:21.422Z","dependent_packages_count":1645,"downloads":11442402,"downloads_period":"last-month","dependent_repos_count":950121,"rankings":{"downloads":0.09233167892898615,"dependent_repos_count":0.03427060495603947,"dependent_packages_count":0.04584358929524168,"stargazers_count":2.3740870512596337,"forks_count":3.1418326474407507,"docker_downloads_count":0.1254533919772598,"average":0.9689698273096519},"purl":"pkg:npm/object-path","advisories":[{"uuid":"GSA_kwCzR0hTQS04djYzLWNxcWMtNnIyY80V4w","url":"https://github.com/advisories/GHSA-8v63-cqqc-6r2c","title":"Prototype Pollution in object-path","description":"object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). The `del()` function fails to validate which Object properties it deletes. This allows attackers to modify the prototype of Object, causing the modification of default properties like `toString` on all objects.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-09-20T20:46:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2021-3805","https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053","https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884","https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html","https://github.com/advisories/GHSA-8v63-cqqc-6r2c"],"source_kind":"github","identifiers":["GHSA-8v63-cqqc-6r2c","CVE-2021-3805"],"repository_url":"https://github.com/mariocasciaro/object-path","blast_radius":0.0,"created_at":"2022-12-21T16:12:46.744Z","updated_at":"2026-04-05T20:07:08.475Z","epss_percentage":0.0065,"epss_percentile":0.70749,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04djYzLWNxcWMtNnIyY80V4w","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04djYzLWNxcWMtNnIyY80V4w","packages":[{"ecosystem":"npm","package_name":"object-path","versions":[{"first_patched_version":"0.11.8","vulnerable_version_range":"\u003c 0.11.8"}],"purl":"pkg:npm/object-path"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04djYzLWNxcWMtNnIyY80V4w/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzOXAtOTZxZy1jOHJm","url":"https://github.com/advisories/GHSA-v39p-96qg-c8rf","title":"Prototype Pollution in object-path","description":"This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if `currentPath` is `['__proto__']`. This is because the `===` operator returns always false when the type of the operands is different.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-09-01T18:37:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.6,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","references":["https://nvd.nist.gov/vuln/detail/CVE-2021-23434","https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb","https://github.com/mariocasciaro/object-path#0116","https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453","https://github.com/mariocasciaro/object-path%230116","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423","https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html","https://github.com/advisories/GHSA-v39p-96qg-c8rf"],"source_kind":"github","identifiers":["GHSA-v39p-96qg-c8rf","CVE-2021-23434"],"repository_url":"https://github.com/mariocasciaro/object-path","blast_radius":0.0,"created_at":"2022-12-21T16:12:48.464Z","updated_at":"2026-04-05T20:08:00.800Z","epss_percentage":0.0039,"epss_percentile":0.59956,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzOXAtOTZxZy1jOHJm","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzOXAtOTZxZy1jOHJm","packages":[{"ecosystem":"npm","package_name":"object-path","versions":[{"first_patched_version":"0.11.6","vulnerable_version_range":"\u003c 0.11.6"}],"purl":"pkg:npm/object-path"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzOXAtOTZxZy1jOHJm/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3eDItNzM2eC1tZjZ3","url":"https://github.com/advisories/GHSA-cwx2-736x-mf6w","title":"Prototype pollution in object-path","description":"### Impact\nA prototype pollution vulnerability has been found in `object-path` \u003c= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version \u003e= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version \u003e= 0.11.0 is used. Any usage of `set()` in versions \u003c 0.11.0 is vulnerable.\n \n### Patches\nUpgrade to version \u003e= 0.11.5\n\n### Workarounds\nDon't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version \u003e= 0.11.0.\n\n### References\n[Read more about the prototype pollution vulnerability](https://codeburst.io/what-is-prototype-pollution-49482fc4b638)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [object-path](https://github.com/mariocasciaro/object-path)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-10-19T20:55:55.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.7,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H","references":["https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w","https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68","https://nvd.nist.gov/vuln/detail/CVE-2020-15256","https://github.com/advisories/GHSA-cwx2-736x-mf6w"],"source_kind":"github","identifiers":["GHSA-cwx2-736x-mf6w","CVE-2020-15256"],"repository_url":"https://github.com/mariocasciaro/object-path","blast_radius":0.0,"created_at":"2022-12-21T16:13:13.369Z","updated_at":"2026-04-05T20:07:08.475Z","epss_percentage":0.00163,"epss_percentile":0.37128,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3eDItNzM2eC1tZjZ3","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3eDItNzM2eC1tZjZ3","packages":[{"ecosystem":"npm","package_name":"object-path","versions":[{"first_patched_version":"0.11.5","vulnerable_version_range":"\u003c 0.11.5"}],"purl":"pkg:npm/object-path"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3eDItNzM2eC1tZjZ3/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/object-path","docker_dependents_count":1563,"docker_downloads_count":243504766,"usage_url":"https://repos.ecosyste.ms/usage/npm/object-path","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/object-path/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2024-09-06T06:10:12.302Z","issues_count":56,"pull_requests_count":44,"avg_time_to_close_issue":16622359.028571429,"avg_time_to_close_pull_request":1646949.8064516129,"issues_closed_count":35,"pull_requests_closed_count":31,"pull_request_authors_count":27,"issue_authors_count":45,"avg_comments_per_issue":3.1607142857142856,"avg_comments_per_pull_request":2.4772727272727275,"merged_pull_requests_count":21,"bot_issues_count":0,"bot_pull_requests_count":8,"past_year_issues_count":0,"past_year_pull_requests_count":0,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":0,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariocasciaro%2Fobject-path/issues","maintainers":[{"login":"pocesar","count":13,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/pocesar"},{"login":"mariocasciaro","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mariocasciaro"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/object-path/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/object-path/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/object-path/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/object-path/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/object-path/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/object-path/codemeta","maintainers":[{"uuid":"mariocasciaro","login":"mariocasciaro","name":null,"email":"mariocasciaro@gmail.com","url":null,"packages_count":45,"html_url":"https://www.npmjs.com/~mariocasciaro","role":null,"created_at":"2022-11-13T15:20:11.236Z","updated_at":"2022-11-13T15:20:11.236Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/mariocasciaro/packages"}]}