3 matches found
@2109-t5/server (>=1.0.0 <=1.0.9), @abios/abios-redoc (>=1.0.0 <=2.5.0) +1090 more potentially affected by CVE-2021-23807 via jsonpointer (>=1.1.0 <=4.1.0)
jsonpointer NPM version =1.1.0, =1.0.0, =1.0.0, =0.12.4, =1.0.0, =2.13.1, =1.0.0, =0.0.1, =2.6.10, =2.0.0, =0.0.1, =0.0.1, =1.1.3 and more Source cves: CVE-2021-23807 Source advisory: OSV:GHSA-282F-QQGM-C34Q...
Prototype Pollution
jsonpointer is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into existing construct prototypes and modification of attributes such as __proto__, constructor and prototype...
Prototype Pollution
Overview jsonpointer is a Simple JSON Addressing. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC by NerdJS const jsonpointer = require('jsonpointer'); jsonpointer.set({}, '/__proto__/polluted', true); console.log(polluted); Details Prototype Pollution is a...