CVE-2021-23509

Опубликовано: 03 нояб. 2021

Источник: nvd

CVSS3: 5.6

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.

Ссылки

https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved
Broken Link
Third Party Advisory
https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca
Patch
Third Party Advisory
https://github.com/flitbit/json-ptr/pull/42
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved
Broken Link
Third Party Advisory
https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca
Patch
Third Party Advisory
https://github.com/flitbit/json-ptr/pull/42
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:json-ptr_project:json-ptr:*:*:*:*:*:*:*:*

Версия до 3.0.0 (исключая)

EPSS

Процентиль: 82%

0.01748

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843

Связанные уязвимости

GHSA-8gwj-8hxc-285w

CVSS3: 5.6

github

около 4 лет назад

Prototype Pollution in json-ptr

EPSS

Процентиль: 82%

0.01748

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843