Description
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
Remediation
References
https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4
https://github.com/janl/node-jsonpointer/pull/51
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288
Related Vulnerabilities
CVE-2022-25352 Vulnerability in npm package libnested
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.r4b
CVE-2020-5230 Vulnerability in maven package org.opencastproject:base
CVE-2021-4329 Vulnerability in maven package org.webjars.npm:json-logic-js
CVE-2022-32065 Vulnerability in maven package com.ruoyi:ruoyi