CVE-2021-23444

Опубликовано: 21 сент. 2021

Источник: nvd

CVSS3: 5.6

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.

Ссылки

https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8
Patch
Third Party Advisory
https://github.com/clientIO/joint/pull/1514
Third Party Advisory
https://github.com/clientIO/joint/releases/tag/v3.4.2
Release Notes
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578
Exploit
Third Party Advisory
https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8
Patch
Third Party Advisory
https://github.com/clientIO/joint/pull/1514
Third Party Advisory
https://github.com/clientIO/joint/releases/tag/v3.4.2
Release Notes
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:client:jointjs:*:*:*:*:*:node.js:*:*

Версия до 3.4.2 (исключая)

EPSS

Процентиль: 81%

0.01539

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843

Связанные уязвимости

GHSA-f3pp-32qc-36w4

CVSS3: 5.6

github

больше 4 лет назад

Prototype Pollution in jointjs

EPSS

Процентиль: 81%

0.01539

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843