Lucene search

Json Pattern Validator Security Vulnerabilities

cve

CVE-2020-17479

jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted...

9.8CVSS

9.4AI Score

0.009EPSS

2020-08-10 08:15 PM

cve

CVE-2019-19507

In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin...

5.3CVSS

5.1AI Score

0.001EPSS

2019-12-02 05:15 PM