Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

GoogleOSV:GHSA-896R-F27R-55MW

HistoryNov 19, 2021 - 8:16 p.m.

Vulners
/
Osv
/
json-schema is vulnerable to Prototype Pollution

json-schema is vulnerable to Prototype Pollution

2021-11-1920:16:17

Google

osv.dev

0.005 Low

EPSS

Percentile

75.7%

JSON

json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’).

CPENameOperatorVersion
json-schemalt0.4.0

CPE	Name	Operator	Version
	json-schema	lt	0.4.0

References

github.com/kriszyp/json-schema

github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741

github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a

github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa

huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9

lists.debian.org/debian-lts-announce/2022/12/msg00013.html

nvd.nist.gov/vuln/detail/CVE-2021-3918

cvelist 1

cve 1

nessus 30

ubuntucve 1

debian 1

ibm 19

redhatcve 1

huntr 1

osv 7

openvas 17

github 1

cnvd 1

debiancve 1

prion 1

ubuntu 1

veracode 1

mageia 1

nvd 1

suse 6

redhat 9

rocky 3

oraclelinux 2

almalinux 2

redos 1

oracle 3

cvelist

CVE-2021-3918 Prototype Pollution in kriszyp/json-schema

2021-11-13 00:00:00

cve

CVE-2021-3918

2021-11-13 09:15:06

nessus

Debian DLA-3228-1 : node-json-schema - LTS security update

2022-12-07 00:00:00

Ubuntu 18.04 LTS / 20.04 LTS : JSON Schema vulnerability (USN-6103-1)

2023-05-24 00:00:00

SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2022:0657-1)

2022-03-03 00:00:00

ubuntucve

CVE-2021-3918

2021-11-13 00:00:00

debian

[SECURITY] [DLA 3228-1] node-json-schema security update

2022-12-06 19:15:29

ibm

Security Bulletin: Vulnerability in Json-schema library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-3918)

2022-07-14 02:18:15

Security Bulletin: Vulnerability in json4j - CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator

2022-04-07 03:42:58

Security Bulletin: IBM Process Mining is vulnerable to Prototype Pollution due to json-schema CVE-2021-3918

2023-02-01 21:58:03

redhatcve

CVE-2021-3918

2021-11-18 18:01:43

huntr

Prototype Pollution in kriszyp/json-schema

2021-10-03 13:08:43

osv

node-json-schema vulnerability

2023-05-24 11:08:39

CVE-2021-3918

2021-11-13 09:15:06

node-json-schema - security update

2022-12-07 00:00:00

openvas

Debian: Security Advisory (DLA-3228-1)

2022-12-07 00:00:00

Mageia: Security Advisory (MGASA-2022-0463)

2022-12-14 00:00:00

Ubuntu: Security Advisory (USN-6103-1)

2023-05-25 00:00:00

github

json-schema is vulnerable to Prototype Pollution

2021-11-19 20:16:17

cnvd

json-schema has an unspecified vulnerability

2021-11-16 00:00:00

debiancve

CVE-2021-3918

2021-11-13 09:15:06

prion

Code injection

2021-11-13 09:15:00

ubuntu

JSON Schema vulnerability

2023-05-24 00:00:00

veracode

Prototype Pollution

2021-11-15 04:42:48

mageia

Updated nodejs-json-schema packages fix security vulnerability

2022-12-14 01:09:19

nvd

CVE-2021-3918

2021-11-13 09:15:06

suse

Security update for nodejs12 (important)

2022-03-02 00:00:00

Security update for nodejs8 (important)

2022-03-04 00:00:00

Security update for nodejs14 (important)

2022-03-04 00:00:00

redhat

(RHSA-2022:0041) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update

2022-01-06 18:27:51

(RHSA-2021:5171) Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

(RHSA-2022:0350) Moderate: nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

rocky

nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

12 bug fix and enhancement update

2022-06-21 11:47:44

nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

oraclelinux

nodejs:16 security, bug fix, and enhancement update

2021-12-16 00:00:00

nodejs:14 security, bug fix, and enhancement update

2022-02-02 00:00:00

almalinux

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

Moderate: nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

redos

ROS-20240403-01

2024-04-03 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for OSV:GHSA-896R-F27R-55MW