Prototype Pollution

Overview json-pointer before 0.6.1 is vulnerable to prototype pollution. Multiple reference of object using slash is supported. Recommendation Upgrade to version 0.6.1 or later References - CVE - GitHub Advisory...

@amitport/koangular-users (=0.0.0), @antimatter-studios/dredd (>=14.1.0 <=15.0.11) +202 more potentially affected by CVE-2020-7709 via json-pointer (>=0.0.4 <=0.6.0)

json-pointer NPM version =0.0.4, =14.1.0, =0.0.1, =0.0.2, =0.0.1, =1.2.6, =2.7.2, =1.0.0, =0.0.0-development, =1.0.0, =2.21.3, =0.1.0, =1.0.1 - ajv-moment =1.0.0 and more Source cves: CVE-2020-7709 Source advisory: OSV:GHSA-7MG4-W3W5-X5PC...

GHSA-7MG4-W3W5-X5PC Prototype pollution in json-pointer

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

Prototype pollution in json-pointer

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

Code Injection in flitbit/json-ptr

✍️ Description json-ptr is a complete implementation of JSON Pointer RFC 6901 for nodejs and modern browsers. JsonPointer.get that is designed to get the target object's value at the pointer's location is vulnerable to arbitrary code injection and exection, mainly due to the lack of sanitizing for...

Prototype Pollution

Overview json-ptr is a complete implementation of JSON Pointer RFC 6901 for nodejs and modern browsers. Affected versions of this package are vulnerable to Prototype Pollution. The issue occurs in the set operation https://flitbit.github.io/json-ptr/classes/srcpointer.jsonpointer.htmlset when the...

Prototype Pollution

json-pointer is vulnerable to prototype pollution. The vulnerability exists as it does not restrict the proto, constructor, and prototype header values to be set through the API...

CVE-2020-7709

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

Design/Logic Flaw

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

CVE-2020-7709

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

CVE-2020-7709

CVE-2020-7709 affects the json-pointer package prior to 0.6.1. A type confusion vulnerability occurs when pointer components are arrays, which can bypass the fix for CVE-2020-7709. The issue has been echoed downstream in related advisories (e.g., CVE-2021-23820) and is discussed in npm advisory e...

CVE-2020-7709 Prototype Pollution

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

@amitport/koangular-users (=0.0.0), @antimatter-studios/dredd (>=14.1.0 <=15.0.11) +202 more potentially affected by CVE-2020-7709 via json-pointer (>=0.0.4 <=0.6.0)

json-pointer NPM version =0.0.4, =14.1.0, =0.0.1, =0.0.2, =0.0.1, =1.2.6, =2.7.2, =1.0.0, =0.0.0-development, =1.0.0, =2.21.3, =0.1.0, =1.0.1 - ajv-moment =1.0.0 and more Source cves: CVE-2020-7709 Source advisory: SNYK:JS-JSONPOINTER-596925...

Prototype Pollution

Overview json-pointer is a set of utilities for JSON pointers described by RFC 6901 Affected versions of this package are vulnerable to Prototype Pollution. Multiple reference of object using slash is supported. PoC js var pointer = require'json-pointer'; var obj = ; pointer.setobj,...

Code injection in ymlref

ymlref is a library that allows to load Yaml documents and resolve JSON-pointer references inside them. ymlref versions up to 0.1.1 allow code injection...

GHSA-8R8J-XVFJ-36F9 Code injection in ymlref

ymlref is a library that allows to load Yaml documents and resolve JSON-pointer references inside them. ymlref versions up to 0.1.1 allow code injection...