Vulnerabilities > CVE-2021-23820 - Type Confusion vulnerability in Jsonpointer Project Jsonpointer

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jsonpointer-project

CWE-843

critical

NVD

Published: 2021-11-03

Updated: 2024-11-21

Summary

This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.

Vulnerable Configurations

Part	Description	Count
Application	Jsonpointer_Project Jsonpointer Project Jsonpointer -	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

https://github.com/manuelstofer/json-pointer/blob/master/index.js%23L78
https://github.com/manuelstofer/json-pointer/blob/master/index.js%23L78
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910686
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910686
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287