11 matches found
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2020-17479 via jpv (=2.0.1)
jpv NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on jpv and may be impacted:
- @pl-test/c =1.1.0, =1.1.1
- @pl-test/e =1.1.0
Source CVEs: CVE-2020-17479
Source advisory: OSV:GHSA-VH6R-G38F-Q3W8...
GHSA-VH6R-G38F-Q3W8 Validation bypass in jpv
jpv aka Json Pattern Validator before 2.2.2 does not properly validate input, as demonstrated by a corrupted array...
Validation Bypass
jpv is vulnerable to validation bypass. The vulnerability exists as it does not properly validate if the constructor of the data matches...
CVE-2020-17479
jpv aka Json Pattern Validator before 2.2.2 does not properly validate input, as demonstrated by a corrupted array...
CVE-2020-17479
CVE-2020-17479 affects jpv (Json Pattern Validator) prior to version 2.2.2. The issue is due to improper input validation, demonstrated by a corrupted array. Documented impact remains high (per CVSS data in the initial entry), but no exploitation details are provided within the supplied materials...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-19507 via jpv (=2.0.1)
jpv NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on jpv and may be impacted:
- @pl-test/c =1.1.0, =1.1.1
- @pl-test/e =1.1.0
Source CVEs: CVE-2019-19507
Source advisory: OSV:GHSA-RH46-3FGC-MVRF...
Prototype Pollution
jpv is vulnerable to prototype pollution. Insufficient validation of JSON input allows the validation logic of jpv to be bypassed. The built-in constructor can be overwritten to manipulate the type detection result...
CVE-2019-19507
In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...
Design/Logic Flaw
In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...
CVE-2019-19507
In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...
CVE-2019-19507
CVE-2019-19507 affects jpv (Json Pattern Validator) prior to version 2.1.1. The vulnerability arises in compareCommon(), where internal attributes can be overwritten via a conflicting property name (e.g., constructor: { name: 'Array' }), allowing an attacker to bypass validation logic and manipul...