Description
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
References (6)
Core 6
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817
Patch, Third Party Advisory x_refsource_misc
https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/clientIO/joint/releases/tag/v3.4.2
Third Party Advisory x_refsource_misc
https://github.com/clientIO/joint/pull/1514
Scores
CVSS v3
5.6
EPSS
0.0154
EPSS Percentile
81.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-843
Status
published
Products (2)
client/jointjs
< 3.4.2
npm/jointjs
0 - 3.4.2npm
Published
Sep 21, 2021
Tracked Since
Feb 18, 2026