PT-2020-9133 · Unknown · Schema-Inspector

Feng Xiao

+1

·

Published

2020-01-22

·

Updated

2020-06-10

·

CVE-2019-10781

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions schema-inspector versions prior to 1.6.9
Description A maliciously crafted JavaScript object can bypass the sanitize() and the validate() functions used within schema-inspector.
Recommendations For versions prior to 1.6.9, update to version 1.6.9 or later to resolve the issue.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

CVE-2019-10781
GHSA-R24H-634P-M72X
SNYK-JS-SCHEMAINSPECTOR-536970

Affected Products

Schema-Inspector