Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jointjs Subscribe
Filtered by product Jointjs
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28480 1 Jointjs 1 Jointjs 2021-01-22 7.5 HIGH 9.8 CRITICAL
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.
CVE-2020-28479 1 Jointjs 1 Jointjs 2021-01-22 5.0 MEDIUM 7.5 HIGH
The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.