CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3918 – Prototype Pollution in kriszyp/json-schema
https://notcve.org/view.php?id=CVE-2021-3918
13 Nov 2021 — json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') json-schema es vulnerable a la Modificación Indebida de Atributos de Prototipos de Objetos ('Contaminación de Prototipos') The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, exec... • https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •