제출 #851809: Node.js @apidevtools/json-schema-ref-parser 15.3.5 Improperly Controlled Modification of Object Prototype Attribute정보

제목Node.js @apidevtools/json-schema-ref-parser 15.3.5 Improperly Controlled Modification of Object Prototype Attribute
설명@apidevtools/json-schema-ref-parser is affected by a prototype pollution vulnerability in the public $Refs.set() / Pointer.set() JSON Pointer write path. The affected API accepts user-controlled JSON Pointer tokens and performs nested property writes without blocking dangerous keys such as __proto__, constructor, or prototype. An attacker who can control the pointer path may write to Object.prototype, causing prototype pollution. Depending on how the polluted object properties are later used by the application, this may lead to logic corruption, denial of service, unsafe property resolution, or application-specific security impact. Affected version confirmed in the report: 15.3.5.
원천⚠️ https://github.com/APIDevTools/json-schema-ref-parser/issues/421
사용자
 Dremig (UID 95003)
제출2026. 06. 08. PM 07:26 (1 월 ago)
모더레이션2026. 07. 09. AM 08:00 (1 month later)
상태수락
VulDB 항목377123 [apidevtools json-schema-ref-parser 까지 15.3.5 lib/pointer.ts Refs.set/Pointer.set 권한 상승]
포인트들20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!