Lucene search
GoogleOSV:GHSA-F3PP-32QC-36W4HistorySep 22, 2021 - 8:36 p.m.
Prototype Pollution in jointjs
2021-09-2220:36:34
Google
osv.dev
5
0.024 Low
EPSS
Percentile
89.9%
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
References
github.com/clientIO/joint
github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8
github.com/clientIO/joint/pull/1514
github.com/clientIO/joint/releases/tag/v3.4.2
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816
snyk.io/vuln/SNYK-JS-JOINTJS-1579578
Related
nvd
nvd
CVE-2021-23444
2021-09-21 17:15:09
CVE-2020-28480
2021-01-19 15:15:11
cve
cve
CVE-2021-23444
2021-09-21 17:15:09
CVE-2020-28480
2021-01-19 15:15:11
prion
prion
Type confusion
2021-09-21 17:15:00
Path traversal
2021-01-19 15:15:00
github
github
Prototype Pollution in jointjs
2021-09-22 20:36:34
Prototype pollution in JointJS
2021-01-20 21:21:16
cvelist
cvelist
CVE-2021-23444 Prototype Pollution
2021-09-21 00:00:00
CVE-2020-28480 Prototype Pollution
2021-01-19 00:00:00
osv
osv
CVE-2021-23444
2021-09-21 17:15:09
Prototype pollution in JointJS
2021-01-20 21:21:16
CVE-2020-28480
2021-01-19 15:15:11
huntr
huntr
Prototype Pollution in clientio/joint
2021-09-05 06:40:24
veracode
veracode
Prototype Pollution
2021-01-20 03:22:06
nodejs
nodejs
Prototype Pollution
2021-02-19 19:44:46