In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize()
and the validate()
function used within schema-inspector.
[
{
"product": "schema-inspector",
"vendor": "Snyk",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.6.9"
}
]
}
]