In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.
References
Link | Resource |
---|---|
https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-01-22T13:40:56
Updated: 2020-01-22T13:40:56
Reserved: 2019-04-03T00:00:00
Link: CVE-2019-10781
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-22T14:15:11.497
Modified: 2020-01-29T17:35:35.183
Link: CVE-2019-10781
JSON object: View
Redhat Information
No data.
CWE