CVE-2024-29651: json-schema-ref-parser Prototype Pollution issue

May 20, 2024

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference() functions.

References

gist.github.com/tariqhawis/5db76b38112bba756615b688c32409ad
github.com/APIDevTools/json-schema-ref-parser
github.com/APIDevTools/json-schema-ref-parser/commit/8cad7f72c15b198f4d0b5b1c8a3a979b2e4baa82
github.com/advisories/GHSA-5f97-h2c2-826q
nvd.nist.gov/vuln/detail/CVE-2024-29651

Detect and mitigate CVE-2024-29651 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →