{"id":"CVE-2021-23624","details":"This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.","aliases":["GHSA-6g47-63mv-qpgh"],"modified":"2026-04-10T04:30:27.158008Z","published":"2021-11-03T18:15:08.130Z","related":["SNYK-JS-DOTTY-1577292"],"references":[{"type":"FIX","url":"https://github.com/deoxxa/dotty/commit/88f61860dcc274a07a263c32cbe9d44c24ef02d7"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JS-DOTTY-1577292"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/deoxxa/dotty","events":[{"introduced":"0"},{"fixed":"88f61860dcc274a07a263c32cbe9d44c24ef02d7"}]},{"type":"GIT","repo":"https://github.com/deoxxa/dotty","events":[{"introduced":"0"},{"fixed":"88f61860dcc274a07a263c32cbe9d44c24ef02d7"}]}],"versions":["0.0.2","v0.1.0","v0.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23624.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.1.2"}]},{"events":[{"introduced":"0"},{"fixed":"0.1.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}