PT-2024-35950 · Unknown · Check-Jsonschema

Sethmlarson · Published 2024-11-29 · Updated 2024-12-02 · CVE-2024-53848

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: check-jsonschema versions prior to 0.30.0
Description: The default cache strategy in check-jsonschema uses the basename of a remote schema as the name of the file in the cache. This naming allows for conflicts, enabling an attacker to insert their own schema into the cache if a user runs check-jsonschema against a malicious schema URL. Such a cache confusion attack could be used to allow data to pass validation which should have been rejected.
Recommendations:
- For versions prior to 0.30.0, users can use the --no-cache flag to disable caching.
- For versions prior to 0.30.0, users can use the --cache-filename flag to select filenames for use in the cache, or to ensure that other usages do not overwrite the cached schema.
- For versions prior to 0.30.0, users can explicitly download the schema before use as a local file, as in: curl -LOs https://example.org/schema.json; check-jsonschema --schemafile ./schema.json
- Upgrade to version 0.30.0 to patch the issue.
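
The naming conflict from the description, as an added Python example (not check-jsonschema's own code): a cache keyed on the URL basename is compared with one keyed on a SHA-256 of the full URL. The function and class names, the in-memory REMOTE store and the URLs are constructed for illustration, and hashing the URL is an assumed way to avoid the conflict.

```python
import hashlib
import posixpath
from urllib.parse import urlsplit

def basename_cache_name(url):
    """Weak keying from the advisory: only the last path segment names the file."""
    return posixpath.basename(urlsplit(url).path)

def hashed_cache_name(url):
    """Assumed hardening: SHA-256 of the full URL, keeping the file suffix."""
    suffix = posixpath.splitext(urlsplit(url).path)[1]
    return hashlib.sha256(url.encode("utf-8")).hexdigest() + suffix

def find_collisions(urls, namer):
    """Return cache names that more than one distinct URL maps to."""
    groups = {}
    for url in urls:
        groups.setdefault(namer(url), []).append(url)
    return {name: hits for name, hits in groups.items() if len(hits) > 1}

class SchemaCache:
    """In-memory stand-in for an on-disk schema cache (hypothetical helper)."""
    def __init__(self, namer):
        self.namer = namer
        self.files = {}  # cache filename -> schema text

    def get(self, url, remote):
        name = self.namer(url)
        if name not in self.files:  # cache miss: "download" and store
            self.files[name] = remote[url]
        return self.files[name]

# Constructed sample data: two hosts serving different schemas under one basename.
TRUSTED = "https://example.org/schema.json"
OTHER = "https://untrusted.example.net/schema.json"
REMOTE = {
    TRUSTED: '{"type": "object", "required": ["id"]}',
    OTHER: "{}",  # accepts any document
}

def schema_served_for_trusted(namer):
    """Fetch OTHER first, then TRUSTED; return what the cache hands back."""
    cache = SchemaCache(namer)
    cache.get(OTHER, REMOTE)
    return cache.get(TRUSTED, REMOTE)

if __name__ == "__main__":
    print(schema_served_for_trusted(basename_cache_name))  # the permissive schema
    print(schema_served_for_trusted(hashed_cache_name))    # the strict schema
```

Running find_collisions over the schema URLs a project references shows which of them would share a cache file under basename naming.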

Related Identifiers

CVE-2024-53848
GHSA-Q6MV-284R-MP36

Affected Products

Check-Jsonschema