CVE-2024-53848: check-jsonschema default caching for remote schemas allows for cache confusion
The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attacker can get a user to run check-jsonschema against a malicious schema URL, e.g., https://example.evil.org/schema.json, they can insert their own schema into the cache and it will be picked up and used instead of the appropriate schema.
Such a cache confusion attack could be used to allow data to pass validation which should have been rejected.
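The conflict described above, as an added example (not check-jsonschema's own code): a basename-keyed cache next to one keyed on a SHA-256 digest of the full URL. The SchemaCache class, the function names and the in-memory REMOTE table are constructed for illustration, and the digest-based key is an assumed way to avoid the conflict, not a statement of the project's fix.

```python
import hashlib
import posixpath
from urllib.parse import urlsplit


def basename_cache_key(url):
    """Cache file name as the advisory describes it: only the URL's basename."""
    return posixpath.basename(urlsplit(url).path)


def url_hash_cache_key(url):
    """Assumed hardened key: digest of the whole URL, basename kept for readability."""
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()
    return f"{digest}-{basename_cache_key(url)}"


class SchemaCache:
    """In-memory stand-in for the on-disk cache; the fetcher is injected so this runs offline."""

    def __init__(self, key_func, fetch):
        self.key_func, self.fetch, self.store = key_func, fetch, {}

    def get(self, url):
        key = self.key_func(url)
        if key not in self.store:  # cache miss: download and remember under this key
            self.store[key] = self.fetch(url)
        return self.store[key]


# Constructed sample data standing in for two remote hosts.
REMOTE = {
    "https://example.evil.org/schema.json": {"type": "object"},
    "https://example.org/schema.json": {"type": "object", "required": ["id"]},
}


def served_schema(key_func):
    """Schema returned for example.org after the other URL was validated against first."""
    cache = SchemaCache(key_func, REMOTE.__getitem__)
    cache.get("https://example.evil.org/schema.json")
    return cache.get("https://example.org/schema.json")


def find_collisions(urls, key_func):
    """Group URLs by cache key and report every key shared by more than one URL."""
    groups = {}
    for url in urls:
        groups.setdefault(key_func(url), []).append(url)
    return {key: hit for key, hit in groups.items() if len(hit) > 1}


if __name__ == "__main__":
    print("basename key serves:", served_schema(basename_cache_key))
    print("url-hash key serves:", served_schema(url_hash_cache_key))
    print("collisions:", find_collisions(list(REMOTE), basename_cache_key))
```

find_collisions can also be pointed at the list of schema URLs a CI configuration references to see which of them would share a cache entry under basename keying.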
References
- github.com/advisories/GHSA-q6mv-284r-mp36
- github.com/python-jsonschema/check-jsonschema
- github.com/python-jsonschema/check-jsonschema/commit/c52714b85e6725b1b24516fbdedacb333b939152
- github.com/python-jsonschema/check-jsonschema/security/advisories/GHSA-q6mv-284r-mp36
- nvd.nist.gov/vuln/detail/CVE-2024-53848