CVE-2021-23807 (Medium) detected in jsonpointer
#1107
tmarkley added the medium severity (Medium severity CVE) and cve (Security vulnerabilities detected by Dependabot or Mend) labels on Jan 6, 2022
Duplicate of #1152
tmarkley removed the medium severity (Medium severity CVE) and cve (Security vulnerabilities detected by Dependabot or Mend) labels on Jan 14, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue on Feb 10, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue on Feb 10, 2022
# [29.2.0](elastic/elastic-charts@v29.1.0...v29.2.0) (2021-05-25)

### Bug Fixes

* **legend:** disable handleLabelClick for one legend item ([opensearch-project#1134](elastic/elastic-charts#1134)) ([e485174](elastic/elastic-charts@e485174)), closes [opensearch-project#1055](elastic/elastic-charts#1055)

### Features

* **a11y:** add alt text for all chart types ([opensearch-project#1118](elastic/elastic-charts#1118)) ([e1c7489](elastic/elastic-charts@e1c7489)), closes [opensearch-project#1107](elastic/elastic-charts#1107)
* **legend:** specify number of columns on floating legend ([opensearch-project#1159](elastic/elastic-charts#1159)) ([ed3736e](elastic/elastic-charts@ed3736e)), closes [opensearch-project#1158](elastic/elastic-charts#1158)
* simple screenspace constraint solver ([opensearch-project#1141](elastic/elastic-charts#1141)) ([af9dd96](elastic/elastic-charts@af9dd96))
GHSA-282f-qqgm-c34q - Medium Severity Vulnerability
Vulnerable Library - jsonpointer@4.1.0
This is an implementation of [JSON Pointer](https://datatracker.ietf.org/doc/html/rfc6901).
Library home page: https://www.npmjs.com/package/jsonpointer
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
Publish Date: 2021-11-08
URL: CVE-2021-23807
CVSS 3 Score Details (5.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: janl/node-jsonpointer#51
Release Date: 2021-11-08
Fix Resolution: jsonpointer - 5.0.0