Schema Inspector Project

schema-inspector_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Schema Inspector

schema-inspector

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-21267 2Netapp Schema Inspector Project 3E Series Performance Analyzer Oncommand InsightSchema Inspector Nov 21, 2024 Mar 19, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (...Show more Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.Show less
CVE-2019-10781 1Schema Inspector Project 1Schema Inspector Nov 21, 2024 Jan 22, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-21267

2Netapp

Schema Inspector Project

3E Series Performance Analyzer

Oncommand InsightSchema Inspector

Nov 21, 2024

Mar 19, 2021

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.Show less

CVE-2019-10781

1Schema Inspector Project

1Schema Inspector

Nov 21, 2024

Jan 22, 2020

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.