cve/CVE-2021-23440.md at 8f32eec229df5ac6033987f6cf2822bfcb07c2e0

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

POC

Reference

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212
https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
https://www.oracle.com/security-alerts/cpujan2022.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/dellalibera/dellalibera
https://github.com/seal-community/cli
https://github.com/seal-community/patches

1008 B Raw Blame History

CVE-2021-23440

Description

POC

Reference

Github

1008 B

Raw Blame History