jsondiffpatch 0.3.11

Direct Vulnerabilities

Known vulnerabilities in the jsondiffpatch package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Prototype Pollution jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats) Affected versions of this package are vulnerable to Prototype Pollution via the `jsondiffpatch.patch()` and `jsondiffpatch/formatters/jsonpatch.patch()` APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like `__proto__` or `constructor.prototype`, allowing modification of `Object.prototype`. How to fix Prototype Pollution? Upgrade `jsondiffpatch` to version 0.7.6 or higher.	<0.7.6
M Cross-site Scripting (XSS) jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS. How to fix Cross-site Scripting (XSS)? Upgrade `jsondiffpatch` to version 0.7.6 or higher.	<0.7.6
L Cross-site Scripting (XSS) jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via `HtmlFormatter::nodeBegin`. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer using the built-in html formatter on a private website. How to fix Cross-site Scripting (XSS)? Upgrade `jsondiffpatch` to version 0.7.2 or higher.	<0.7.2

Vulnerability

Vulnerable Version

Prototype Pollution

jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats)

Affected versions of this package are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like __proto__ or constructor.prototype, allowing modification of Object.prototype.

How to fix Prototype Pollution?

Upgrade jsondiffpatch to version 0.7.6 or higher.

<0.7.6

Cross-site Scripting (XSS)

jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS.

How to fix Cross-site Scripting (XSS)?

Upgrade jsondiffpatch to version 0.7.6 or higher.

<0.7.6

Cross-site Scripting (XSS)

jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer using the built-in html formatter on a private website.

How to fix Cross-site Scripting (XSS)?

Upgrade jsondiffpatch to version 0.7.2 or higher.

<0.7.2

jsondiffpatch@0.3.11

JSON diff & patch (object and array diff, text diff, multiple output formats)

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically