267 matches found
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2025-57320
CVE-2025-57320 affects the package json-schema-editor-visual. Connected sources confirm a Prototype Pollution vulnerability in the setData and deleteData functions for versions up to and including 1.1.1, allowing a crafted payload to inject or delete properties on Object.prototype. Practical impa...
PT-2025-39350
Name of the Vulnerable Software and Affected Versions json-schema-editor-visual versions through 1.1.1 Description A Prototype Pollution issue exists in the setData and deleteData functions. Attackers can inject or delete properties on Object.prototype by providing a crafted payload, potentially...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
json-schema-editor-vue 安全漏洞
json-schema-editor-vue is a json editor by AlbertZhang personal developer. A security vulnerability exists in json-schema-editor-vue 1.1.1 and earlier versions, which stems from prototype contamination in the setData and deleteData functions, which could lead to a denial of service attack...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
Denial Of Service (DoS)
helm.sh/helm/v3 is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of crafted JSON Schema files with $ref pointing to /dev/zero, which allows an attacker to exhaust system memory leading to OOM termination...
Linux Distros Unpatched Vulnerability : CVE-2025-32387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parse...
GO-2025-3887 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm...
Linux Distros Unpatched Vulnerability : CVE-2020-15366
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution...
AZL-66318 CVE-2025-55199 affecting package helm 3.14.2-10
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...
CVE-2025-55199
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...
Allocation of Resources Without Limits or Throttling
Overview github.com/helm/helm/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of JSON Schema files containing $ref fields that point to device files such as /dev/zero. An...
Allocation of Resources Without Limits or Throttling
Overview helm.sh/helm/pkg/chartutil is a package that contains tools for working with charts. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of JSON Schema files containing $ref fields that point to device files such as...
CVE-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...
CVE-2025-55199
CVE-2025-55199 (Helm) : Pre-3.18.5 Helm can craft a JSON Schema file that may cause Helm to consume all memory and terminate with an OOM. The issue is resolved in Helm 3.18.5. A workaround is to ensure loaded charts do not reference /dev/zero via $ref. Remediation: upgrade to Helm 3.18.5 or later...
CVE-2025-53097
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's searchfiles tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...
CVE-2025-53097 Roo Code extension vulnerable to Potential Information Leakage via JSON Schema
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's searchfiles tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...
CVE-2025-53097
Roo Code extension (pre-3.20.3) allowed read access via the search_files tool outside the VS Code workspace, enabling potential data exposure if an attacker injects prompts. The attacker could exfiltrate data by writing to a JSON schema when the schema-fetch feature is enabled by default, trigger...