6 matches found
Type confusion
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
CVE-2021-23444 Prototype Pollution
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
CVE-2020-28479
The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function...
CVE-2020-28480
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
CVE-2020-28480
The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
CVE-2020-28479
The CVE-2020-28479 entry concerns the jointjs library. Concrete details from connected sources show that affected versions are jointjs before 3.3.0, with the vulnerability arising from the unsetByPath function, enabling a Denial of Service (DoS). The DoS impact is described as the service becomin...