37 matches found
GHSA-QWP9-52H8-XGG8 Prototype pollution in JointJS
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
Prototype Pollution
jointjs is vulnerable to prototype pollution. The vulnerability exists due to the lack of sanitization in the values of the proto header...
CVE-2020-28479
The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function...
CVE-2020-28480
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
CVE-2020-28480
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
Path traversal
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
Design/Logic Flaw
The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function...
CVE-2020-28479 Denial of Service (DoS)
The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function...
CVE-2020-28479
The CVE-2020-28479 entry concerns the jointjs library. Concrete details from connected sources show that affected versions are jointjs before 3.3.0, with the vulnerability arising from the unsetByPath function, enabling a Denial of Service (DoS). The DoS impact is described as the service becomin...
CVE-2020-28480
JointJS prior to 3.4.2 is affected by a Prototype Pollution in setByPath, allowing attacker-controlled path keys to pollute Object.prototype. The issue arises when the path parameter is provided as an array (or nested arrays) and assigns values on prototypes, enabling potential DoS, information d...
CVE-2020-28480 Prototype Pollution
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
@convergence/jointjs-utils (=0.4.0), aihub (>=1.0.1 <=1.0.2) +7 more potentially affected by CVE-2020-28479 via jointjs (>=3.1.0 <=3.2.0)
jointjs NPM version =3.1.0, =1.0.1, =1.0.6, =1.0.1, =1.0.1, =0.9.0, =0.10.1 - ublatt =1.2.0 - vue-erd =0.1.1 - vue-test-demo-one =0.1.0 Source cves: CVE-2020-28479 Source advisory: SNYK:JS-JOINTJS-1062038...
Denial of Service (DoS)
Overview: jointjs is a JavaScript diagramming library. It can be used to create either static diagrams or, and more importantly, fully interactive diagramming tools and application builders. Affected versions of this package are vulnerable to Denial of Service (DoS) via the unsetByPath function. PoC...
@convergence/jointjs-utils (=0.4.0), aihub (>=1.0.1 <=1.0.2) +7 more potentially affected by CVE-2020-28480 via jointjs (>=3.1.0 <=3.2.0)
jointjs NPM version =3.1.0, =1.0.1, =1.0.6, =1.0.1, =1.0.1, =0.9.0, =0.10.1 - ublatt =1.2.0 - vue-erd =0.1.1 - vue-test-demo-one =0.1.0 Source cves: CVE-2020-28480 Source advisory: SNYK:JS-JOINTJS-1024444...
Prototype Pollution
Overview: jointjs is a JavaScript diagramming library. It can be used to create either static diagrams or, and more importantly, fully interactive diagramming tools and application builders. Affected versions of this package are vulnerable to Prototype Pollution via util.setByPath...
Jointjs Security Vulnerability
A security vulnerability exists in jointjs before 3.3.0, which stems from the use of a path that accesses an object's key and sets a value that is not properly handled...
Jointjs Code Issue Vulnerability
A code issue vulnerability exists in jointjs before 3.3.0 that stems from a denial of service (DoS) attack on the unsetByPath function...