Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE–2021–3918 #14

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix CVE–2021–3918 #14

wants to merge 1 commit into from

Conversation

debricked-staging[bot]
Copy link

@debricked-staging debricked-staging bot commented Oct 16, 2023
edited by debricked bot

CVE–2021–3918

Vulnerability details

Description

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

NVD

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

GitHub

json-schema is vulnerable to Prototype Pollution

json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

GitLab Advisory Database (Open Source Edition)

Improperly Controlled Modification of Dynamically-Determined Object Attributes

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS details - 9.8

 

CVSS3 metrics
Attack Vector Network
Attack Complexity Low
Privileges Required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
References

    json-schema is vulnerable to Prototype Pollution · CVE-2021-3918 · GitHub Advisory Database · GitHub
    NVD - CVE-2021-3918
    npm/json-schema/CVE-2021-3918.yml · main · GitLab.org / GitLab Advisory Database Open Source Edition · GitLab
    Don't allow proto property to be used for schema default/coerce, … · kriszyp/json-schema@22f1461 · GitHub
    Prototype Pollution vulnerability found in json-schema
    Create SECURITY.md · Issue #84 · kriszyp/json-schema · GitHub
    GitHub - kriszyp/json-schema: JSON Schema specifications, reference schemas, and a CommonJS implementation
    json-schema/lib/validate.js at master · kriszyp/json-schema · GitHub
    Protect against constructor modification, #84 · kriszyp/json-schema@b62f1da · GitHub
    Use a little more robust method of checking instances · kriszyp/json-schema@f6f6a3b · GitHub
    [SECURITY] [DLA 3228-1] node-json-schema security update

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE

 

@debricked debricked bot force-pushed the debricked-fix-CVE_2021_3918-9383629b7fa077ce branch from f623054 to c697004 Compare December 8, 2023 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants