CVE-2021-23820
MEDIUMManuelstofer Json-pointer < 0.6.2 - Type Confusion
Title source: ruleDescription
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
References (3)
Core 3
Core References
Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910686
Third Party Advisory x_refsource_misc
https://github.com/manuelstofer/json-pointer/blob/master/index.js%23L78
Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry x_refsource_misc
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287
Scores
CVSS v3
5.6
EPSS
0.0052
EPSS Percentile
67.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-843
Status
published
Products (2)
manuelstofer/json-pointer
< 0.6.2
npm/json-pointer
0 - 0.6.2npm
Published
Nov 03, 2021
Tracked Since
Feb 18, 2026