Base Score

HIGH8.1

CVE-2024-29651

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions.

VectorNETWORK

Published Bycve@mitre.org

Published DateMay 20, 2024, 18:15

Affected Versions(1)

@apidevtools/json-schema-ref-parser(npm)

Introduced11.0.0

Fixed11.2.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
@apidevtools/json-schema-ref-parser(npm)	11.0.0	11.2.0	N/A

Weakness Type (CWE):CWE-1321

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://gist.github.com/tariqhawis/5db76b38112bba756615b688c32409ad

Base Score

HIGH8.1

Weakness Type (CWE):CWE-1321

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH