Description
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference() functions.
A prototype pollution flaw was found in the API Dev Tools json-schema-ref-parser. This flaw allows a remote attacker to cause a denial of service, cross-site scripting, or arbitrary code execution via the bundle(), parse(), resolve(), and dereference() functions.
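Prototype pollution through a $ref resolver needs a key such as `__proto__` to reach a merge or a JSON-pointer lookup, so a consumer of the library can refuse such documents up front and confirm afterwards that `Object.prototype` is untouched. The following is an added defensive check, not code from this advisory or from json-schema-ref-parser; the schema documents in it are constructed for illustration and are not the CVE's reproducer.

```javascript
// Added example, not code from the advisory or from json-schema-ref-parser.
// Prototype pollution needs a key such as "__proto__" to reach a merge or a
// JSON-pointer lookup, so vet untrusted schemas before resolving them and
// confirm afterwards that Object.prototype gained no properties.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
// RFC 6901 segment escaping, used to build and decode JSON-pointer paths.
const escapeSeg = (s) => s.replace(/~/g, "~0").replace(/\//g, "~1");
const unescapeSeg = (s) => s.replace(/~1/g, "/").replace(/~0/g, "~");
// Walk a parsed document and return JSON-pointer paths of forbidden keys and of
// $ref strings whose local pointer passes through a forbidden segment.
function findForbiddenKeys(value, path = "") {
  const hits = [];
  if (value === null || typeof value !== "object") return hits;
  for (const key of Object.keys(value)) { // own keys only, "__proto__" included
    const here = `${path}/${escapeSeg(key)}`;
    if (FORBIDDEN_KEYS.has(key)) hits.push(here);
    const child = value[key];
    if (key === "$ref" && typeof child === "string") {
      const segments = child.split("#").pop().split("/").slice(1).map(unescapeSeg);
      if (segments.some((s) => FORBIDDEN_KEYS.has(s))) hits.push(`${here} -> ${child}`);
    }
    hits.push(...findForbiddenKeys(child, here));
  }
  return hits;
}

// Gate to run before bundle()/parse()/resolve()/dereference() on untrusted input.
function vetSchema(schema) {
  const findings = findForbiddenKeys(schema);
  return { ok: findings.length === 0, findings };
}

// Snapshot Object.prototype's own keys; compare after the resolver has run.
function snapshotPrototype() {
  return new Set(Reflect.ownKeys(Object.prototype).map(String));
}
function prototypeUnchanged(before) {
  const after = snapshotPrototype();
  return after.size === before.size && [...after].every((k) => before.has(k));
}

// Constructed samples (not the CVE's reproducer): a schema whose $ref walks
// through a "__proto__" key, and a clean one.
const suspiciousSchema = JSON.parse(`{"type": "object",
  "properties": { "id": { "$ref": "#/definitions/__proto__/polluted" } },
  "definitions": { "__proto__": { "polluted": { "type": "string" } } } }`);
const cleanSchema = JSON.parse('{"type":"object","properties":{"id":{"type":"string"}}}');
const before = snapshotPrototype();
console.log(vetSchema(suspiciousSchema), vetSchema(cleanSchema), prototypeUnchanged(before));
```

Run the snapshot comparison after every call into the resolver on untrusted input, not just once, since a polluted prototype persists for the lifetime of the process.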
Statement
Red Hat Developer Hub does not use a vulnerable version of json-schema-ref-parser. Therefore, it is not affected by this vulnerability.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected Packages
| Platform | Package | State | Errata | Release |
|---|---|---|---|---|
| OpenShift Serverless | json-schema-ref-parser | Will not fix | ||
| Red Hat build of Apicurio Registry 2 | json-schema-ref-parser | Will not fix | ||
| Red Hat Developer Hub | rhdh-operator-container | Not affected | ||
| Red Hat Developer Hub | rhdh/rhdh-hub-rhel9 | Not affected | ||
| Red Hat Discovery 1 | discovery-server-container | Not affected | ||
| Red Hat Integration Camel K 1 | json-schema-ref-parser | Will not fix | ||
Additional information
Status:
EPSS:
CVSS3: 5.6 Medium
Related vulnerabilities
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference() functions.
json-schema-ref-parser Prototype Pollution issue