Description
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
References (4)
Core References
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Patch, Third Party Advisory
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Exploit, Issue Tracking, Patch, Third Party Advisory
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250117-0004/
Scores
CVSS v3
9.8
EPSS
0.0126
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1321
Status
published
Products (3)
debian/debian_linux
10.0
json-schema_project/json-schema
< 0.4.0
npm/json-schema
0 - 0.4.0 (npm)
Published
Nov 13, 2021
Tracked Since
Feb 18, 2026