CVE-2021-23444
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
Date published : 2021-09-21
https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8