जमा करें #851809: Node.js @apidevtools/json-schema-ref-parser 15.3.5 Improperly Controlled Modification of Object Prototype Attributeजानकारी

शीर्षकNode.js @apidevtools/json-schema-ref-parser 15.3.5 Improperly Controlled Modification of Object Prototype Attribute
विवरण@apidevtools/json-schema-ref-parser is affected by a prototype pollution vulnerability in the public $Refs.set() / Pointer.set() JSON Pointer write path. The affected API accepts user-controlled JSON Pointer tokens and performs nested property writes without blocking dangerous keys such as __proto__, constructor, or prototype. An attacker who can control the pointer path may write to Object.prototype, causing prototype pollution. Depending on how the polluted object properties are later used by the application, this may lead to logic corruption, denial of service, unsafe property resolution, or application-specific security impact. Affected version confirmed in the report: 15.3.5.
स्रोत⚠️ https://github.com/APIDevTools/json-schema-ref-parser/issues/421
उपयोगकर्ता
 Dremig (UID 95003)
सबमिशन08/06/2026 07:26 PM (1 महीना पहले)
संयम09/07/2026 08:00 AM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377123 [apidevtools json-schema-ref-parser तक 15.3.5 lib/pointer.ts Refs.set/Pointer.set अधिकार वृद्धि]
अंक20

Interested in the pricing of exploits?

See the underground prices here!