schema-inspector@1.5.4 vulnerabilities

Schema-Inspector is a powerful tool to sanitize and validate JS objects.

  • latest version

    2.1.0

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    1 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the schema-inspector package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Regular Expression Denial of Service (ReDoS)

    schema-inspector is a JSON API sanitisation and validation module.

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the email address validation. An input such as a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. would freeze the program or web browser page executing the code.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade schema-inspector to version 2.0.0 or higher.

    <2.0.0
    • H
    Internal Property Tampering

    schema-inspector is a JSON API sanitisation and validation module.

    Affected versions of this package are vulnerable to Internal Property Tampering. A maliciously crafted JavaScript object can bypass the sanitize() and the validate() function used within schema-inspector.

    How to fix Internal Property Tampering?

    Upgrade schema-inspector to version 1.6.9 or higher.

    <1.6.9