Code Injection in JSON schema

#VU64034 Code Injection in JSON schema

Cybersecurity Help s.r.o.

Published: 2022-06-07 | Updated: 2022-07-15

Vulnerability identifier: #VU64034

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3918

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JSON schema
Web applications / JS libraries

Vendor: Tom de Grunt

Description

The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

JSON schema: 0.0.0 - 0.3.2

External links
http://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
http://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM MobileFirst Platform Foundation

Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data

SUSE update for SUSE Manager Client Tools

SUSE update for Security Beta update for SUSE Manager Client Tools

SUSE update for Security Beta update for SUSE Manager Client Tools and Salt

Multiple vulnerabilities in IBM QRadar User Behavior Analytics

Multiple vulnerabilities in Dell Cloud Tiering Appliance

SUSE update for SUSE Manager Client Tools