Vulnerability identifier: #VU64034
Vulnerability risk: High
Exploitation vector: Network
Vendor: Tom de Grunt
The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.
Install update from vendor's website.
Vulnerable software versions
JSON schema: 0.0.0 - 0.3.2
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?