Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package jointjs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-28480 — CVSS 7.3 (high): The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/j…
CVE-2020-28479 — CVSS 5.9 (medium): The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.
CVE-2021-23444 — CVSS 5.6 (medium): This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided…