This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
References
Link | Resource |
---|---|
https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved | Broken Link Third Party Advisory |
https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca | Patch Third Party Advisory |
https://github.com/flitbit/json-ptr/pull/42 | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165 | Exploit Mitigation Patch Third Party Advisory VDB Entry |
https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291 | Exploit Mitigation Patch Third Party Advisory VDB Entry |
Configurations
History
05 Nov 2021, 21:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-843 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:json-ptr_project:json-ptr:*:*:*:*:*:*:*:* | |
References | (MISC) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165 - Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry | |
References | (MISC) https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca - Patch, Third Party Advisory | |
References | (MISC) https://github.com/flitbit/json-ptr/pull/42 - Patch, Third Party Advisory | |
References | (MISC) https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291 - Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry | |
References | (MISC) https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved - Broken Link, Third Party Advisory |
03 Nov 2021, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-03 18:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-23509
Mitre link : CVE-2021-23509
CVE.ORG link : CVE-2021-23509
JSON object : View
Products Affected
json-ptr_project
- json-ptr
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')