RSS   Podatności dla 'Jointjs'   RSS

2021-01-19
 
CVE-2020-28480

NVD-CWE-Other
 

 
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.

 
 
CVE-2020-28479

NVD-CWE-noinfo
 

 
The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.

 


Copyright 2024, cxsecurity.com

 

Back to Top