2 matches found
@amitport/koangular-users (=0.0.0), @antimatter-studios/dredd (>=14.1.0 <=15.0.11) +206 more potentially affected by CVE-2022-4742 via json-pointer (>=0.0.4 <=0.6.1)
json-pointer NPM version =0.0.4, =14.1.0, =0.0.1, =0.0.2, =0.0.1, =1.2.6, =2.7.2, =1.0.0, =0.0.0-development, =1.0.0, =2.21.3, =9.0.0, =2.0.0, =0.0.1, =0.1.0 and more Source cves: CVE-2022-4742 Source advisory: OSV:GHSA-6XRF-Q977-5VGC...
CVE-2022-4742
CVE-2022-4742 affects json-pointer up to 0.6.1, specifically the index.js set function, enabling prototype pollution. The issue is exploitable remotely and is fixed by upgrading to 0.6.2 (patch 859c9984b6c407fc2d5a0a7e47c7274daa681941). Affected references consistently describe this as a critical...