This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910686
- https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287
No PoCs found on GitHub currently.