Vulnerability Details CVE-2021-23509
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.8%
CVSS Severity
CVSS v3 Score 5.6
CVSS v2 Score 7.5
References
- https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved
- https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca
- https://github.com/flitbit/json-ptr/pull/42
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165
- https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291
- https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved
- https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca
- https://github.com/flitbit/json-ptr/pull/42
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165
- https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291
Products affected by CVE-2021-23509
-
cpe:2.3:a:json-ptr_project:json-ptr:-
-
cpe:2.3:a:json-ptr_project:json-ptr:0.2.0
-
cpe:2.3:a:json-ptr_project:json-ptr:0.2.1
-
cpe:2.3:a:json-ptr_project:json-ptr:0.3.0
-
cpe:2.3:a:json-ptr_project:json-ptr:0.3.1
-
cpe:2.3:a:json-ptr_project:json-ptr:1.0.0
-
cpe:2.3:a:json-ptr_project:json-ptr:1.0.1
-
cpe:2.3:a:json-ptr_project:json-ptr:1.1.0
-
cpe:2.3:a:json-ptr_project:json-ptr:1.1.1
-
cpe:2.3:a:json-ptr_project:json-ptr:1.1.2
-
cpe:2.3:a:json-ptr_project:json-ptr:1.2.0
-
cpe:2.3:a:json-ptr_project:json-ptr:1.3.0
-
cpe:2.3:a:json-ptr_project:json-ptr:1.3.1
-
cpe:2.3:a:json-ptr_project:json-ptr:1.3.2
-
cpe:2.3:a:json-ptr_project:json-ptr:2.0.0
-
cpe:2.3:a:json-ptr_project:json-ptr:2.1.0
-
cpe:2.3:a:json-ptr_project:json-ptr:2.1.1
-
cpe:2.3:a:json-ptr_project:json-ptr:2.1.2
-
cpe:2.3:a:json-ptr_project:json-ptr:2.2.0