npm package
json-ptr
pkg:npm/json-ptr
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23509 | — | < 3.0.0 | 3.0.0 | Nov 3, 2021 | This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays. | ||
| CVE-2020-7766 | — | < 2.1.0 | 2.1.0 | Nov 10, 2020 | This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does |
- CVE-2021-23509Nov 3, 2021affected < 3.0.0fixed 3.0.0
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
- CVE-2020-7766Nov 10, 2020affected < 2.1.0fixed 2.1.0
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does