CVE-2021-23440

Published September 12th, 2021

View on NVD ↗

CVSS v3

7.3

HIGH

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

jonschlinkert/set-value

Set nested properties on an object using dot-notation.

GitHub

277