RSS   Vulnerabilities for 'Json pattern validator'   RSS

2020-08-10
 
CVE-2020-17479

CWE-20
 
 
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.

 
2019-12-02
 
CVE-2019-19507

CWE-287
 
 
In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

 

Copyright 2024, cxsecurity.com

 

Back to Top