Base Score

MEDIUM6.1

CVE-2021-23447

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).

VectorNETWORK

Published Byreport@snyk.io

Published DateOct 07, 2021, 17:15

Affected Versions(1)

teddy(npm)

Introduced0

Fixed0.5.9

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
teddy(npm)	0	0.5.9	N/A

Weakness Type (CWE):CWE-843

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

MEDIUM6.1

Weakness Type (CWE):CWE-843

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE