37 matches found
EUVD-2021-0515
Malware in sbrugna...
EUVD-2021-2047
Malware in sbrugna...
EUVD-2021-0813
Malware in sbrugna...
GHSA-F3PP-32QC-36W4 Prototype Pollution in jointjs
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
Prototype Pollution in jointjs
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
@convergence/jointjs-utils (>=0.1.0 <=0.6.0), @cronapp/tools (>=1.0.0-SNAPSHOT.4 <=1.0.0-SNAPSHOT.12) +36 more potentially affected by CVE-2021-23444 via jointjs (>=0.9.10 <=3.4.1)
jointjs NPM version =0.9.10, =0.1.0, =1.0.0-SNAPSHOT.4, =1.0.7, =1.5.2-3.1, =0.1.0, =0.1.3, =0.8.2, =1.5.30, =1.0.1, =1.0.0-alpha.1, =1.0.0, =0.0.3, =0.2.2 and more Source cves: CVE-2021-23444 Source advisory: OSV:GHSA-F3PP-32QC-36W4...
CVE-2021-23444
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
CVE-2021-23444
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
Type confusion
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
CVE-2021-23444
CVE-2021-23444 affects the open-source library jointjs in versions before 3.4.2. The documented issue is a prototype pollution/type confusion vulnerability in the setByPath function, where user-provided keys in the path parameter (as arrays) can bypass a previously fixed vulnerability (CVE-202...
CVE-2021-23444 Prototype Pollution
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
CVE-2021-23444
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
JointJs Security Vulnerability
Client.Io JointJs is an open source JavaScript charting library from the Czech company Client. It is used to create static charts. A security vulnerability existed in JointJs before 3.4.2; there is no information about this vulnerability yet. Please stay tuned to CNNVD or vendor announcements...
Prototype Pollution in clientio/joint
✍️ Description: The jointjs package is vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the path components used in the path parameter are arrays. In particular, the condition key === "__proto__" returns false if key is ["__proto__"]. This is because...
@convergence/jointjs-utils (>=0.4.0 <=0.6.0), @cronapp/tools (>=1.0.0-SNAPSHOT.4 <=1.0.0-SNAPSHOT.12) +10 more potentially affected by CVE-2020-28480 +1 more via jointjs (>=3.1.0 <=3.4.1)
jointjs NPM version =3.1.0, =0.4.0, =1.0.0-SNAPSHOT.4, =1.5.2-3.1, =1.0.1, =1.0.6, =1.0.1, =1.0.1, =1.2.0, =0.9.0, =0.12.0-beta.2 - ublatt =1.2.0 - vue-erd =0.1.1 - vue-test-demo-one =0.1.0 Source cves: CVE-2020-28480, CVE-2021-23444 Source advisory: SNYK:JS-JOINTJS-1579578...
Prototype Pollution
Overview: jointjs is a JavaScript diagramming library. It can be used to create either static diagrams or, and more importantly, fully interactive diagramming tools and application builders. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can...
@convergence/jointjs-utils (>=0.1.0 <=0.4.0), @davidyaha/graphql-birdseye (>=1.0.7 <=1.0.8) +33 more potentially affected by CVE-2020-28479 via jointjs (>=0.9.10 <=3.2.0)
jointjs NPM version =0.9.10, =0.1.0, =1.0.7, =0.1.0, =0.1.3, =0.8.2, =1.5.30, =1.0.1, =1.0.0-alpha.1, =1.0.0, =0.0.3, =0.1.0, =1.0.6, =1.3.0 and more Source cves: CVE-2020-28479 Source advisory: OSV:GHSA-CQ8R-FC3Q-6HG2...
Prototype Pollution
Overview: Affected versions of jointjs are vulnerable to Prototype Pollution via util.setByPath. The path used to access the object's key and set the value is not properly sanitized, leading to Prototype Pollution. Recommendation: Update to fixed version 3.3.0 or later. References: - GitHub Adviso...
@convergence/jointjs-utils (>=0.1.0 <=0.4.0), @davidyaha/graphql-birdseye (>=1.0.7 <=1.0.8) +33 more potentially affected by CVE-2020-28480 via jointjs (>=0.9.10 <=3.2.0)
jointjs NPM version =0.9.10, =0.1.0, =1.0.7, =0.1.0, =0.1.3, =0.8.2, =1.5.30, =1.0.1, =1.0.0-alpha.1, =1.0.0, =0.0.3, =0.1.0, =1.0.6, =1.3.0 and more Source cves: CVE-2020-28480 Source advisory: OSV:GHSA-QWP9-52H8-XGG8...
Prototype pollution in JointJS
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to Prototype Pollution...