CVE-2019-10781: Exposure of Resource to Wrong Sphere

June 10, 2020 (updated August 30, 2021)

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize() and the validate() function used within schema-inspector.

References

github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d
github.com/advisories/GHSA-r24h-634p-m72x
nvd.nist.gov/vuln/detail/CVE-2019-10781
snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970

Code Behaviors & Features

Detect and mitigate CVE-2019-10781 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →