4 matches found
A vulnerability in the jsonpointer package for the Node.js software platform allows an attacker to execute arbitrary code.
The vulnerability in the jsonpointer package for the Node.js software platform is related to errors in data type conversion. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
@2109-t5/server (>=1.0.0 <=1.0.9), @abios/abios-redoc (>=1.0.0 <=2.5.0) +1091 more potentially affected by CVE-2021-23807 via jsonpointer (>=1.1.0 <=4.1.0)
jsonpointer NPM version =1.1.0, =1.0.0, =1.0.0, =0.12.4, =1.0.0, =2.13.1, =1.0.0, =0.0.1, =2.6.10, =2.0.0, =0.0.1, =0.0.1, =1.1.3 and more Source cves: CVE-2021-23807 Source advisory: OSV:GHSA-282F-QQGM-C34Q...
Prototype Pollution
jsonpointer is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
Prototype Pollution
Overview: jsonpointer is a Simple JSON Addressing. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC by NerdJS: const jsonpointer = require('jsonpointer'); jsonpointer.set({}, '/__proto__/polluted', true); console.log(polluted); Details: Prototype Pollution is a...