CVE-2021-23807

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-23807

CGA ID

CGA-863x-q58c-4qhr

Severity

9.8

Critical

CVSS V3

Description

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

References

https://images.chainguard.dev/security/CGA-863x-q58c-4qhr
https://github.com/advisories/GHSA-282f-qqgm-c34q
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288
https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4
https://github.com/janl/node-jsonpointer/pull/51

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-23807

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources