Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2021-23440

Published: 12/09/2021 Updated: 29/03/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Set-value Project

Vulnerability Summary

This affects the package set-value prior to 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

set-value project set-value

oracle communications cloud native core policy 1.14.0

Vendor Advisories

Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
Synopsis Important: Red Hat OpenShift Data Foundation 4110 security, enhancement, & bugfix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4110 on Red Hat Enterprise Linux 8Red Hat Product Securit ...
Debian CVElist Bug Report Logs: node-set-value: CVE-2021-23440 - type confusion allows bypass of CVE-2019-10747
Debian Bug report logs - #994448 node-set-value: CVE-2021-23440 - type confusion allows bypass of CVE-2019-10747 Package: node-set-value; Maintainer for node-set-value is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Source for node-set-value is src:node-set-value (PTS, buildd, popcon) Reporte ...
Red Hat: CVE-2021-23440
This affects the package set-value before 401 A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays ...

References

CWE-843https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541https://github.com/jonschlinkert/set-value/pull/33https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://access.redhat.com/errata/RHSA-2022:6156https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-23440
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook