npm package
jointjs
pkg:npm/jointjs
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23444 | — | | | < 3.4.2 | 3.4.2 | Sep 21, 2021 | This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. |
| CVE-2020-28479 | — | | | < 3.3.0 | 3.3.0 | Jan 19, 2021 | The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function. |
| CVE-2020-28480 | — | | | < 3.3.0 | 3.3.0 | Jan 19, 2021 | The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Poll |