CVE-2021-23624

Published November 3rd, 2021

View on NVD ↗

CVSS v3

5.6

MEDIUM

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.

deoxxa/dotty

Access properties of nested objects using dot-path notation

GitHub

126