Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2020-0344

Good to know:

icon
icon

Date: June 9, 2020

Arbitrary Code Execution vulnerability was found in is-my-json-valid before 2.20.3 via the fromatName function.

Language: JS

Severity Score

Related Resources (2)

https://github.com/mafintosh/is-my-json-valid/commit/3419563687df463b4ca709a2b46be8e15d6a2b3d
https://www.mend.io/vulnerability-database/WS-2020-0344

Severity Score

Weakness Type (CWE)

Code

CWE-17

Top Fix

icon

Upgrade Version

Upgrade to version seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-omage-theme;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;seidemann-web/wave-theme - dev-fixUpLanguageConstants;neon-sys - 0.1.11;Tools.Npm - no_fix;nodejs - 8.8.1;is-my-json-valid - 2.20.3;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.11;chrisbraybrooke/laravel-ecommerce - 0.0.56;Npm3 - no_fix;svg2png - no_fix;z3/t3build-node - 1.0.11;computerundsound/curserver - no_fix;computerundsound/curserver - 2.2.0;azure-cli - no_fix;Ncapsulate.Node.Shadow - no_fix;Betclic.BuildTools.Node - no_fix;ilhanet/erpnet-widget-resource - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;oburatongoi/productivity - 0.3.36;oburatongoi/productivity - 0.0.13;Tinfoil - no_fix;jsdom - 11.11.0;yuan1994/wechat_web_devtools - 0.15.152901-core;Npm.js - no_fix;erdiko/user-admin - no_fix;erdiko/user-admin - dev-ER-91;jquery - 3.4.0;MIDIator.WebClient - 1.0.105;trezebits/trezevel-gallery - no_fix;NodeBin - no_fix;humanmade/coding-standards - v0.4.1;humanmade/coding-standards - dev-dependabot/npm_and_yarn/json-schema-0.4.0;Yarnpkg.Yarn - 0.26.1;Raml.Parser - 1.0.7;node-sass-bundle - 1.0.2;node-sass-bundle - no_fix;zombie.js - no_fix;spiral/toolkit - v0.9.0;spiral/toolkit - v0.8.18;spiral/toolkit - v0.8.20;limefamily/yii2-limetheme - 1.0.12;mpcmf/mpcmf-web-app - no_fix;mpcmf/mpcmf-web-app - 1.0.0.x-dev;Npm - no_fix;pwptemplatepusintek - no_fix;Yarn.MSBuild - 0.22.0;oxid-esales/wave-theme - dev-oxscript-google-analytics;dreamfactory/df-api-docs-ui - 1.1.0;org.webjars:browser-sync:no_fix;org.webjars:npm:4.0.2;org.webjars:npm:4.4.4;org.webjars.npm:bourbon-neat:2.1.0;org.webjars.npm:bower:1.8.12;org.webjars.npm:is-my-json-valid:2.20.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us