This affects the package set-value prior to 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
set-value project set-value |
||
oracle communications cloud native core policy 1.14.0 |