clientIO/joint

clientIO/joint

Releases85

Frequency2 months 4 days

Last Release 4 months ago

Stars5.27K

A proven SVG-based JavaScript diagramming library powering exceptional UIs

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-23444 ↗	Sep 21, 2021Tuesday, 21 September 2021, 17:15	5.6 MEDIUM	7.5 HIGH
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
CVE-2020-28479 ↗	Jan 19, 2021Tuesday, 19 January 2021, 15:15	5.9 MEDIUM	5 MEDIUM
The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.
CVE-2020-28480 ↗	Jan 19, 2021Tuesday, 19 January 2021, 15:15	7.3 HIGH	7.5 HIGH
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.