Vulnerabilities > CVE-2021-23444 - Type Confusion vulnerability in Client Jointjs
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8
- https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8
- https://github.com/clientIO/joint/pull/1514
- https://github.com/clientIO/joint/pull/1514
- https://github.com/clientIO/joint/releases/tag/v3.4.2
- https://github.com/clientIO/joint/releases/tag/v3.4.2
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816
- https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578
- https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578