9 matches found
EUVD-2021-2047
Malware in sbrugna...
Prototype Pollution in jointjs
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
Type confusion
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
CVE-2021-23444 Prototype Pollution
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
Prototype Pollution in clientio/joint
✍️ Description jointjs package is vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the path components used in the path parameter are arrays. In particular, the condition key === "proto" returns false if key is "proto". This is because...
@convergence/jointjs-utils (>=0.1.0 <=0.4.0), @davidyaha/graphql-birdseye (>=1.0.7 <=1.0.8) +33 more potentially affected by CVE-2020-28480 via jointjs (>=0.9.10 <=3.2.0)
jointjs NPM version =0.9.10, =0.1.0, =1.0.7, =0.1.0, =0.1.3, =0.8.2, =1.5.30, =1.0.1, =1.0.0-alpha.1, =1.0.0, =0.0.3, =0.1.0, =1.0.6, =1.3.0 and more Source cves: CVE-2020-28480 Source advisory: OSV:GHSA-QWP9-52H8-XGG8...
CVE-2020-28480 Prototype Pollution
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath. The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
CVE-2020-28480
JointJS prior to 3.4.2 is affected by a Prototype Pollution in setByPath, allowing attacker-controlled path keys to pollute Object.prototype. The issue arises when the path parameter is provided as an array (or nested arrays) and assigns values on prototypes, enabling potential DoS, information d...
@convergence/jointjs-utils (=0.4.0), aihub (>=1.0.1 <=1.0.2) +7 more potentially affected by CVE-2020-28480 via jointjs (>=3.1.0 <=3.2.0)
jointjs NPM version =3.1.0, =1.0.1, =1.0.6, =1.0.1, =1.0.1, =0.9.0, =0.10.1 - ublatt =1.2.0 - vue-erd =0.1.1 - vue-test-demo-one =0.1.0 Source cves: CVE-2020-28480 Source advisory: SNYK:JS-JOINTJS-1024444...