CVE-2020-7766: Injection Vulnerability
(updated )
This affects all versions of package json-ptr. The issue occurs in the set operation https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.html#set
when the force flag is set to true. The function recursively sets the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.
References
Detect and mitigate CVE-2020-7766 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →