This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
References
Link | Resource |
---|---|
https://github.com/rooseveltframework/teddy/pull/518 | Patch Third Party Advisory |
https://github.com/rooseveltframework/teddy/releases/tag/0.5.9 | Release Notes Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-TEDDY-1579557 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2021-10-07T00:00:00
Updated: 2021-10-07T16:40:12
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23447
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-07T17:15:08.087
Modified: 2022-05-03T16:04:40.443
Link: CVE-2021-23447
JSON object: View
Redhat Information
No data.
CWE