Filtered by vendor Jointjs Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-28480 1 Jointjs 1 Jointjs 2024-11-21 7.3 High
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.
CVE-2020-28479 1 Jointjs 1 Jointjs 2024-11-21 5.9 Medium
The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.