CVE-2021-23440

Access of Resource Using Incompatible Type (Type Confusion) in npm/set-value

Identifiers

CVE-2021-23440

Package Slug

npm/set-value

Vulnerability

Access of Resource Using Incompatible Type (Type Confusion)

Description

This affects the package set-value A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

Affected Versions

All versions before 2.0.1, all versions starting from 3.0.0 before 4.0.1

Solution

Upgrade to versions 2.0.1, 4.0.1 or above.

Last Modified

2021-09-24

source