CVE-2021-23807

Published November 3rd, 2021

View on NVD ↗

CVSS v3

5.6

MEDIUM

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

janl/node-jsonpointer

JSON Pointer (RFC6901) implementation for Node.js

GitHub

198