CVE-2021-23444

Published September 21st, 2021

View on NVD ↗

CVSS v3

5.6

MEDIUM

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.

clientIO/joint

A proven SVG-based JavaScript diagramming library powering exceptional UIs

GitHub

5.27K