{"id":"CVE-2021-23509","details":"This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of the fix for CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.","aliases":["GHSA-8gwj-8hxc-285w"],"modified":"2026-03-14T10:47:58.898185Z","published":"2021-11-03T18:15:08.073Z","related":["SNYK-JAVA-ORGWEBJARSNPM-1767165","SNYK-JS-JSONPTR-1577291"],"references":[{"type":"FIX","url":"https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca"},{"type":"FIX","url":"https://github.com/flitbit/json-ptr/pull/42"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291"},{"type":"PACKAGE","url":"https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.0.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23509.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}