A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()
, parse()
, resolve()
, dereference()
functions.
{ "nvd_published_at": "2024-05-20T18:15:10Z", "cwe_ids": [ "CWE-1321" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-05-20T21:03:12Z" }