提交 #851809: Node.js @apidevtools/json-schema-ref-parser 15.3.5 Improperly Controlled Modification of Object Prototype Attribute信息

标题Node.js @apidevtools/json-schema-ref-parser 15.3.5 Improperly Controlled Modification of Object Prototype Attribute
描述@apidevtools/json-schema-ref-parser is affected by a prototype pollution vulnerability in the public $Refs.set() / Pointer.set() JSON Pointer write path. The affected API accepts user-controlled JSON Pointer tokens and performs nested property writes without blocking dangerous keys such as __proto__, constructor, or prototype. An attacker who can control the pointer path may write to Object.prototype, causing prototype pollution. Depending on how the polluted object properties are later used by the application, this may lead to logic corruption, denial of service, unsafe property resolution, or application-specific security impact. Affected version confirmed in the report: 15.3.5.
来源⚠️ https://github.com/APIDevTools/json-schema-ref-parser/issues/421
用户
 Dremig (UID 95003)
提交2026-06-08 19時26分 (1 月前)
管理2026-07-09 08時00分 (1 month later)
状态已接受
VulDB条目377123 [apidevtools json-schema-ref-parser 直到 15.3.5 lib/pointer.ts Refs.set/Pointer.set 权限提升]
积分20

Interested in the pricing of exploits?

See the underground prices here!