This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/src_pointer .jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check t...
9.8CVSS
9.1AI Score
0.009EPSS
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
9.8CVSS
9.2AI Score
0.199EPSS