CVE-2021-23440
npm/set-value
Access of Resource Using Incompatible Type (Type Confusion)
This affects the package set-value A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
All versions before 2.0.1, all versions starting from 3.0.0 before 4.0.1
Upgrade to versions 2.0.1, 4.0.1 or above.
2021-09-24
source |