This affects versions of package json-pointer up to and including 0.6.1. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-23820
https://gi…