Access of Resource Using Incompatible Type ('Type Confusion')
This affects the package json-ptr. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in json-ptr.
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.html#set) when the force flag is set to true. The function recursively sets the property in the target object but does not properly check the key being set, leading to prototype pollution.
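Both entries come down to how a path segment is checked before it is used as a property key. The added example below (not json-ptr's code) puts a string-only key check beside a type-aware one and runs the same array-valued segment through each; `setForce`, `isBlockedWeak`, `isBlockedStrict`, `demo` and the `pollutedFlag` property are hypothetical names, and the path is constructed sample input.

```javascript
// Added example: hypothetical helpers, not json-ptr's source code.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Weak check: strict comparison against strings. The array ['__proto__'] is
// not === '__proto__', yet obj[['__proto__']] coerces it to that string.
function isBlockedWeak(segment) {
  return segment === '__proto__' || segment === 'constructor' || segment === 'prototype';
}

// Hardened check: refuse any segment that is not a string or number, then
// compare its string form against the blocklist.
function isBlockedStrict(segment) {
  if (typeof segment !== 'string' && typeof segment !== 'number') return true;
  return BLOCKED.has(String(segment));
}

// Force-style set: creates missing intermediate objects along the path.
function setForce(target, path, value, isBlocked) {
  let node = target;
  for (let i = 0; i < path.length; i++) {
    const key = path[i];
    if (isBlocked(key)) throw new TypeError('refused path segment');
    if (i === path.length - 1) { node[key] = value; return target; }
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  return target;
}

// Runs the same constructed path through both checks and reports the outcome.
function demo() {
  const results = {};
  const path = [['__proto__'], 'pollutedFlag']; // constructed sample input
  try {
    setForce({}, path, true, isBlockedWeak);
    results.weakPolluted = ({}).pollutedFlag === true; // unrelated object affected
  } finally {
    delete Object.prototype.pollutedFlag; // undo the change made by the weak run
  }
  try {
    setForce({}, path, true, isBlockedStrict);
    results.strictRefused = false;
  } catch (e) {
    results.strictRefused = e instanceof TypeError;
  }
  results.cleanAfter = ({}).pollutedFlag === undefined;
  return results;
}

console.log(demo());
```

Where paths come from parsed JSON, validating that every segment is a primitive before any blocklist comparison closes the gap that the string-only comparison leaves open.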