CVE-2021-23807

Опубликовано: 03 нояб. 2021

Источник: nvd

CVSS3: 5.6

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

Ссылки

https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4
Patch
Third Party Advisory
https://github.com/janl/node-jsonpointer/pull/51
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4
Patch
Third Party Advisory
https://github.com/janl/node-jsonpointer/pull/51
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:janl:jsonpointer:*:*:*:*:*:node.js:*:*

Версия до 5.0.0 (исключая)

EPSS

Процентиль: 38%

0.00166

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843

Связанные уязвимости

CVE-2021-23807

CVSS3: 7.3

redhat

больше 4 лет назад

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

GHSA-282f-qqgm-c34q

CVSS3: 5.6

github

около 4 лет назад

Prototype Pollution in node-jsonpointer

BDU:2024-01733

CVSS3: 9.8

fstec

больше 4 лет назад

Уязвимость пакета jsonpointer программной платформы Node.js, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 38%

0.00166

Низкий

5.6 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843