cvelist | Snyk | CVELIST:CVE-2021-23509
History: Nov 03, 2021 - 5:20 p.m.

CVE-2021-23509 Prototype Pollution

2021-11-03 17:20:36
snyk
www.cve.org
cve-2021-23509
json-ptr
prototype pollution
vulnerability
type confusion
bypass
user-provided keys
pointer parameter
arrays

CVSS3: 5.6

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

AI Score: 9.7
Confidence: High

EPSS: 0.199
Percentile: 96.4%

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.

CNA Affected

[
  {
    "product": "json-ptr",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "3.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
