CVE-2020-28479 – jointjs

Package

Manager: npm
Name: jointjs
Vulnerable Version: >=0 <3.3.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00563 pctl0.67397

Details

Denial of Service (DoS) via the unsetByPath function in jsjoints The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.

Metadata

Created: 2021-04-13T15:29:40Z
Modified: 2021-04-06T20:51:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-cq8r-fc3q-6hg2/GHSA-cq8r-fc3q-6hg2.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-cq8r-fc3q-6hg2
Finding: F002
Auto approve: 1