Home > Vulnerability Database > WS-2021-0129

Mend.io Vulnerability Database

WS-2021-0129

Good to know:

Date: August 19, 2025

There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get() method, your project is vulnerable to this injection-style vulnerability.

Language: JS

Severity Score

7.5

Related Resources (8)

Url: https://www.npmjs.com/package/json-ptr

Url: https://github.com/flitbit/json-ptr/commit/2be9b5fbec8714577523b449a0fc71f700957936

Url: https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174

Url: https://www.huntr.dev/bounties/2-npm-json-ptr

Url: https://www.npmjs.com/advisories/1706

Url: https://github.com/418sec/json-ptr/pull/3

Url: https://github.com/flitbit/json-ptr/blob/456a1728b45c8663bb1ac20a249c5fb17495ec6b/README.md#security-vulnerability-prior-to-v210

Url: https://www.mend.io/vulnerability-database/WS-2021-0129

Severity Score

7.5

Weakness Type (CWE)

Code

CWE-17

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0129

Good to know:

Date: August 19, 2025

Language: JS

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?