CVE-2019-10781

CRITICAL

Schema-inspector < 1.6.9 - Exposure to Wrong Actor

Title source: rule

Description

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.

References (2)

[Patch, Third Party Advisory] https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d

View Patch ZIP pw:eip

[Third Party Advisory] https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970

Scores

CVSS v3 9.8

EPSS 0.0015

EPSS Percentile 35.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (2)

schema-inspector_project/schema-inspector < 1.6.9

npm/schema-inspector < 1.6.9npm

Timeline

Published Jan 22, 2020

Tracked Since Feb 18, 2026