CVE-2020-28480

Published
View on NVD ↗
CVSS v3
7.3
HIGH
CVSS v2
7.5
HIGH
Affected
1
PROJECT

Description

The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.

clientIO/joint
clientIO/joint
A proven SVG-based JavaScript diagramming library powering exceptional UIs
GitHubGitHub
5.27K