This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
References
| Link | Resource |
|---|---|
| https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4 | Patch, Third Party Advisory |
| https://github.com/janl/node-jsonpointer/pull/51 | Patch, Third Party Advisory |
| https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273 | Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry |
| https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288 | Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry |
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2021-11-03T00:00:00
Updated: 2021-11-03T17:20:29
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23807
NVD Information
Status: Analyzed
Published: 2021-11-03T18:15:08.230
Modified: 2021-11-05T18:08:28.487
Link: CVE-2021-23807