Client: >> Jointjs >> 0.6.4 Security Vulnerabilities
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
CVSS Score
5.6
EPSS Score
0.015
Published
2021-09-21