CVE-2021-23509

Published
View on NVD ↗
CVSS v3
5.6
MEDIUM
CVSS v2
7.5
HIGH
Affected
1
PROJECT

Description

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.

flitbit/json-ptr
flitbit/json-ptrUNAVAILABLE
A complete implementation of JSON Pointer (RFC 6901) for nodejs and modern browsers.
GitHubGitHub
94