flitbit/json-ptr

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases23

Frequency4 months 6 days

Last Release almost 4 years ago

Stars94

A complete implementation of JSON Pointer (RFC 6901) for nodejs and modern browsers.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-23509 ↗	Nov 3, 2021Wednesday, 3 November 2021, 18:15	5.6 MEDIUM	7.5 HIGH
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
CVE-2020-7766 ↗	Nov 10, 2020Tuesday, 10 November 2020, 16:15	7.3 HIGH	7.5 HIGH
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.