PT-2021-7265 · Unknown+9 · Json-Schema+9

Kriszyp · Published 2021-10-03 · Updated 2026-01-02 · CVE-2021-3918

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

json-schema versions prior to 0.4.0

Description

The issue is related to the improper control of modification of object prototype attributes, also known as 'Prototype Pollution'. This can occur when processing JSON files, potentially allowing a remote attacker to execute arbitrary code due to insufficient control over dynamically defined object characteristics.

Recommendations

For versions prior to 0.4.0, update to version 0.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of dynamically defined object characteristics until a patch is available.

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

ALSA-2021:5171
ALSA-2022:0350
BDU:2022-04683
CESA-2021_5171
CESA-2022_0350
CVE-2021-3918
DLA-3228-1
GHSA-896R-F27R-55MW
MGASA-2022-0463
OESA-2022-1769
OPENSUSE-SU-2022:0657-1
OPENSUSE-SU-2022:0704-1
OPENSUSE-SU-2022:0715-1
OPENSUSE-SU-2022_0657-1
OPENSUSE-SU-2022_0704-1
OPENSUSE-SU-2022_0715-1
OPENSUSE-SU-2022_1717-1
OPENSUSE-SU-2024:12723-1
RHSA-2021:5171
RHSA-2021_5171
RHSA-2022:0041
RHSA-2022:0246
RHSA-2022:0350
RHSA-2022:4914
RHSA-2022_0350
RLSA-2021:5171
RLSA-2022:0350
SUSE-RU-2024:0511-1
SUSE-SU-2022:0531-1
SUSE-SU-2022:0563-1
SUSE-SU-2022:0569-1
SUSE-SU-2022:0570-1
SUSE-SU-2022:0657-1
SUSE-SU-2022:0704-1
SUSE-SU-2022:0715-1
SUSE-SU-2022:1717-1
SUSE-SU-2022_1717-1
SUSE-SU-2023:2575-1
SUSE-SU-2023:2578-1
SUSE-SU-2023:2579-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1
SUSE-SU-2024:0486-1
SUSE-SU-2024:0487-1
USN-6103-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Json-Schema