Home > Vulnerability Database > CVE-2024-29651

Mend.io Vulnerability Database

CVE-2024-29651

Good to know:

Date: May 20, 2024

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()", "parse()", "resolve()", "dereference() functions.

Language: JS

Severity Score

8.1

Related Resources (5)

Url: https://github.com/APIDevTools/json-schema-ref-parser/commit/8cad7f72c15b198f4d0b5b1c8a3a979b2e4baa82

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29651

Url: https://gist.github.com/tariqhawis/5db76b38112bba756615b688c32409ad

Url: https://github.com/APIDevTools/json-schema-ref-parser

Url: https://www.mend.io/vulnerability-database/CVE-2024-29651

Severity Score

8.1

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version @apidevtools/json-schema-ref-parser - 11.2.0

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29651

Good to know:

Date: May 20, 2024

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?