First published: Wed Jan 22 2020
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and `validate()` functions used within schema-inspector.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
Schema-inspector Project Schema-inspector | <1.6.9 |
CVE-2019-10781 is a vulnerability in schema-inspector before version 1.6.9 that allows a maliciously crafted JavaScript object to bypass the `sanitize()` and `validate()` functions.
The severity of CVE-2019-10781 is critical with a score of 9.8.
CVE-2019-10781 affects schema-inspector versions up to and excluding 1.6.9.
To fix CVE-2019-10781, update schema-inspector to version 1.6.9 or later.
More information about CVE-2019-10781 is available at the following references: [GitHub Commit](https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d), [Snyk Advisory](https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970)