CVE-2021-23807 - OpenCVE

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Jsonpointer Project	Jsonpointer

Configuration 1 [-]

cpe:2.3:a:jsonpointer_project:jsonpointer:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4	Patch Third Party Advisory
https://github.com/janl/node-jsonpointer/pull/51	Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273	Exploit Mitigation Patch Third Party Advisory VDB Entry
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288	Exploit Mitigation Patch Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2021-11-03T00:00:00

Updated: 2021-11-03T17:20:29

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23807

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-03T18:15:08.230

Modified: 2021-11-05T18:08:28.487

Link: CVE-2021-23807

JSON object: View

Redhat Information

No data.

CWE

CWE-843

{"containers": {"cna": {"affected": [{"product": "jsonpointer", "vendor": "n/a", "versions": [{"lessThan": "5.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Alessio Della Libera of Snyk Research Team"}], "datePublic": "2021-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Prototype Pollution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-03T17:20:29", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/janl/node-jsonpointer/pull/51"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4"}], "title": "Prototype Pollution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-11-03T17:18:18.732977Z", "ID": "CVE-2021-23807", "STATE": "PUBLIC", "TITLE": "Prototype Pollution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "jsonpointer", "version": {"version_data": [{"version_affected": "<", "version_value": "5.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Alessio Della Libera of Snyk Research Team"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Prototype Pollution"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273"}, {"name": "https://github.com/janl/node-jsonpointer/pull/51", "refsource": "MISC", "url": "https://github.com/janl/node-jsonpointer/pull/51"}, {"name": "https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4", "refsource": "MISC", "url": "https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2021-23807", "datePublished": "2021-11-03T00:00:00", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2021-11-03T17:20:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jsonpointer_project:jsonpointer:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "9BFA123B-3852-4DD3-B0CE-FB58D0523294", "versionEndExcluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays."}, {"lang": "es", "value": "Esto afecta al paquete jsonpointer versiones anteriores a 5.0.0. Una vulnerabilidad de confusi\u00f3n de tipo puede conllevar a una omisi\u00f3n de una correcci\u00f3n anterior de Contaminaci\u00f3n de Prototipos cuando los componentes de los punteros son matrices"}], "id": "CVE-2021-23807", "lastModified": "2021-11-05T18:08:28.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2021-11-03T18:15:08.230", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/janl/node-jsonpointer/pull/51"}, {"source": "report@snyk.io", "tags": ["Exploit", "Mitigation", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273"}, {"source": "report@snyk.io", "tags": ["Exploit", "Mitigation", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}