Vulnerabilities > CVE-2021-23820 - Type Confusion vulnerability in Jsonpointer Project Jsonpointer

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jsonpointer-project

CWE-843

NVD

Published: 2021-11-03

Updated: 2021-11-05

Summary

This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.

Vulnerable Configurations

Part	Description	Count
Application	Jsonpointer_Project Jsonpointer Project Jsonpointer -	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910686
https://github.com/manuelstofer/json-pointer/blob/master/index.js%23L78