CGA-9rcr-vx7f-4qqj

Published

Last updated

https://images.chainguard.dev/security/CGA-9rcr-vx7f-4qqj

Package

py3-jsonpointer

RepositoryWolfi

Latest Update

Under investigation

Aliases

CVE-2021-23820
GHSA-v5vg-g7rq-363w

Severity

Unknown

Summary

Prototype Pollution in json-pointer

Description

This affects versions of package json-pointer up to and including 0.6.1. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-23820
https://github.com/advisories/GHSA-v5vg-g7rq-363w
https://github.com/manuelstofer/json-pointer/pull/36
https://github.com/manuelstofer/json-pointer/commit/931b0f9c7178ca09778087b4b0ac7e4f505620c2
https://github.com/manuelstofer/json-pointer
https://github.com/manuelstofer/json-pointer/blob/master/index.js%23L78
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-9rcr-vx7f-4qqj

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources