CVE-2021-3918 (High) detected in json-schema-0.2.3.tgz

[mend-for-github-com[bot]]

CVE-2021-3918 - High Severity Vulnerability

Vulnerable Library - json-schema-0.2.3.tgz

JSON Schema validation and specifications

Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz

Path to dependency file: /samples/testing-frameworks/appium/server-side/javascript/webdriver.io/package.json

Path to vulnerable library: /samples/testing-frameworks/appium/server-side/javascript/webdriver.io/node_modules/json-schema/package.json,/samples/testing-frameworks/appium/client-side/javascript/webdriver.io/node_modules/json-schema/package.json

Dependency Hierarchy: - cli-5.16.7.tgz (Root Library) - webdriverio-5.16.7.tgz - webdriver-5.16.7.tgz - request-2.88.0.tgz - http-signature-1.2.0.tgz - jsprim-1.4.1.tgz - :x: **json-schema-0.2.3.tgz** (Vulnerable Library)

Found in HEAD commit: 30c48e906cbf39e9fe11063135024fd3e98535f3

Found in base branch: master

Vulnerability Details

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Publish Date: 2021-11-13

URL: CVE-2021-3918

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918

Release Date: 2021-11-13

Fix Resolution (json-schema): 0.4.0

Direct dependency fix Resolution (@wdio/cli): 5.16.9

---

:rescue_worker_helmet: Automatic Remediation is available for this issue

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.