3 matches found
3m5-coco (>=0.0.2 <=0.0.981), @24hr/sentry-logger-node (>=0.4.0 <=1.2.2) +278 more potentially affected by CVE-2021-23624 via dotty (>=0.0.1 <=0.1.1)
dotty NPM version =0.0.1, =0.0.2, =0.4.0, =1.1.4, =0.0.2, =1.15.3, =0.1.0, =0.1.6, =1.0.4, =0.1.6, =0.1.0, =1.0.0, =1.0.0, =1.0.7 - @kikiemz/komzpol =1.1.2 and more Source cves: CVE-2021-23624 Source advisory: OSV:GHSA-6G47-63MV-QPGH...
CVE-2021-23624
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...
CVE-2021-23624
CVE-2021-23624 affects the dotty package prior to v0.1.2 and describes a type confusion vulnerability that can bypass CVE-2021-25912 when user-provided path keys are arrays. The issue is consistently reported across multiple sources (NVD/OSV/GHSA/CVE List) as a prototype pollution/type confusion ...