Prototype pollution in json-schema-ref-parser - CVE-2024-29651
Published: June 19, 2024
json-schema-ref-parser
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation in the bundle()`, `parse()`, `resolve()`, `dereference() functions. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.