npm package
jpv
pkg:npm/jpv
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-17479 | — | < 2.2.2 | 2.2.2 | Aug 10, 2020 | jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. | ||
| CVE-2019-19507 | — | < 2.1.1 | 2.1.1 | Dec 2, 2019 | In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite thi |
- CVE-2020-17479Aug 10, 2020affected < 2.2.2fixed 2.2.2
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
- CVE-2019-19507Dec 2, 2019affected < 2.1.1fixed 2.1.1
In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite thi