Skip to content

json-schema is vulnerable to Prototype Pollution

moderate severity Published Nov 19, 2021
We are still processing this advisory. You may have affected repositories that are not yet on this list. Check back soon for more.

Package

npm json-schema (npm)

Affected versions

< 0.4.0

Patched versions

0.4.0

Description

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

References

CVE ID

CVE-2021-3918

CVSS Score

9.8 Critical
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H