CVE-2019-10781
CRITICAL
schema-inspector < 1.6.9 - Validation Bypass via Malicious JavaScript Object
Title source: llm
Description
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and `validate()` functions used within schema-inspector.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970
Patch, Third Party Advisory x_refsource_confirm
https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d
Scores
CVSS v3
9.8
EPSS
0.0139
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-668
Status
published
Products (2)
npm/schema-inspector
0 - 1.6.9 (npm)
schema-inspector_project/schema-inspector
< 1.6.9
Published
Jan 22, 2020
Tracked Since
Feb 18, 2026