#VU64034 Code Injection in JSON schema


Published: 2022-06-07 | Updated: 2022-07-15

Vulnerability identifier: #VU64034

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3918

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JSON schema
Web applications / JS libraries

Vendor: Tom de Grunt

Description

The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

JSON schema: 0.0.0 - 0.3.2

External links
http://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
http://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data
SUSE update for SUSE Manager Client Tools
SUSE update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Client Tools and Salt
Multiple vulnerabilities in IBM QRadar User Behavior Analytics
Multiple vulnerabilities in Dell Cloud Tiering Appliance
SUSE update for SUSE Manager Client Tools
SUSE update for SUSE Manager Client Tools
SUSE update for SUSE Manager Client Tools