Prototype Pollution in simpl-schema

Severity:: High

Description

This affects the package simpl-schema before 1.10.2. Attacker controlled input into a schema could result in remote code execution within the scope of the surrounding application.

Recommendation

Update the simpl-schema package to the latest compatible version. Followings are version details:

Affected version(s): < 1.10.2
Patched version(s): 1.10.2

References

GHSA-9mx2-prfp-8hqp
snyk.io
CVE-2020-7742
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

Prototype Pollution in systeminformation - CVE-2020-26245
json-schema-ref-parser Prototype Pollution issue - CVE-2024-29651
shvl vulnerable to prototype pollution - CVE-2020-28278
Prototype Pollution in node-forge - CVE-2020-7720

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; simpl-schema

Anything's wrong? Let us know Last updated on February 01, 2023