We found that a maliciously crafted json can bypass the validation logics of jpv.
The vulnerability is from the following code: jpv leverages the built-in constructor of unsafe user-input to detect type information. However, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
We found that a maliciously crafted json can bypass the validation logics of jpv.
The vulnerability is from the following code: jpv leverages the built-in constructor of unsafe user-input to detect type information. However, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
jpv/index.js
Lines 117 to 125 in e93d2f6
Reproduce Script
The text was updated successfully, but these errors were encountered: