This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. Reference: https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288 Upstream patch: https://github.com/janl/node-jsonpointer/pull/51
Created nodejs-jsonpointer tracking bugs for this issue: Affects: epel-7 [bug 2020366]