Exploiting prototype pollution in @apidevtools/json-schema-ref-parser (CVE-2024-29651)

CVEs

8.1 High Severity

Summary

In this post, we examine the prototype pollution issue in @apidevtools/json-schema-ref-parser (CVE-2024-29651). We analyze the vulnerable code, walk through the PoC, and look at the patches to see how it was fixed.

Script link

(CVE-2024-29651) Prototype Pollution vulnerability affecting @apidevtools/json-schema-ref-parser, versions 11.0.0, 11.1.0 - CVE-2024-29651.md

Description

@secatgourity
