Description
This affects all versions of the package jsen. If an attacker can control the schema file, they could run arbitrary JavaScript code on the victim machine. The module description and README file make no mention of the risks of untrusted schema files, so it is assumed that this is applicable.
Recommendation
No fix is available yet. The following versions are affected:
- <= 0.6.6
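With no fixed version to upgrade to, one way to keep attacker-controlled schemas away from the validator is to treat schema files as code and compile only those whose digest has been reviewed and pinned. The sketch below is an added example, not code from this advisory or from the jsen project; `makePinnedLoader`, `schemaDigest`, `stubCompile` and the sample schemas are hypothetical names and constructed data.

```javascript
"use strict";
const crypto = require("crypto");

// SHA-256 over the exact bytes of the schema file, hex encoded.
function schemaDigest(bytes) {
  return crypto.createHash("sha256").update(bytes).digest("hex");
}

// Returns a loader that compiles a schema only when its digest is pinned.
// `compile` is whatever turns a schema into a validator (for this package,
// the function exported by require("jsen")). It is injected so the gate
// always runs before the schema reaches the validator.
function makePinnedLoader(pinnedDigests, compile) {
  const pins = new Set(pinnedDigests);
  return function load(bytes) {
    const digest = schemaDigest(bytes);
    if (!pins.has(digest)) {
      throw new Error("schema rejected, digest not pinned: " + digest);
    }
    return compile(JSON.parse(bytes.toString("utf8")));
  };
}

// Constructed sample data: one reviewed schema, one that was never reviewed.
const REVIEWED = Buffer.from('{"type":"object","required":["id"]}');
const UNREVIEWED = Buffer.from('{"type":"object","required":["id","x"]}');

// Stand-in for the real compile step so the example runs offline.
// It only checks the "required" keyword.
function stubCompile(schema) {
  return (data) => (schema.required || []).every((k) => k in Object(data));
}

function demo() {
  const load = makePinnedLoader([schemaDigest(REVIEWED)], stubCompile);
  const validate = load(REVIEWED);
  let rejected = false;
  try {
    load(UNREVIEWED);
  } catch (e) {
    rejected = true;
  }
  return { accepted: validate({ id: 1 }), rejected };
}

console.log(demo());
```

The pinned digests belong in source control next to the application code, so that changing a schema goes through the same review as changing code.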
References
Related Issues
- Code Injection in cryo - CVE-2018-3784
- Open Redirect in urijs - CVE-2022-0868
- Code Injection in mosc - CVE-2020-7672
- openssl.js is malware - CVE-2017-16065
Tags: npm, jsen
Last updated on September 11, 2023