Количество 2
Количество 2
CVE-2019-19507
In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
GHSA-rh46-3fgc-mvrf
Validation bypass is possible in Json Pattern Validator
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-19507 In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. | CVSS3: 5.3 | 0% Низкий | около 6 лет назад |
| GHSA-rh46-3fgc-mvrf Validation bypass is possible in Json Pattern Validator | CVSS3: 5.3 | 0% Низкий | около 6 лет назад |
Уязвимостей на страницу