CVE-2021-23444

Access of Resource Using Incompatible Type ('Type Confusion') in npm/jointjs

Identifier

CVE-2021-23444

Package Slug

npm/jointjs

Vulnerability

Access of Resource Using Incompatible Type ('Type Confusion')

Description

This affects the package jointjs A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.

Affected Versions

All versions before 3.4.2

Solution

Upgrade to version 3.4.2 or above.

Last Modified

2021-10-10

source