schema-inspector@1.5.9 vulnerabilities

Schema-Inspector is a powerful tool to sanitize and validate JS objects.

Direct Vulnerabilities

Known vulnerabilities in the schema-inspector package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Regular Expression Denial of Service (ReDoS)

schema-inspector is a JSON API sanitisation and validation module.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the email address validation. An input such as a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. would freeze the program or web browser page executing the code.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade schema-inspector to version 2.0.0 or higher.

<2.0.0
  • H
Internal Property Tampering

schema-inspector is a JSON API sanitisation and validation module.

Affected versions of this package are vulnerable to Internal Property Tampering. A maliciously crafted JavaScript object can bypass the sanitize() and the validate() function used within schema-inspector.

How to fix Internal Property Tampering?

Upgrade schema-inspector to version 1.6.9 or higher.

<1.6.9