You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
https://snyk.io/test/npm/widdershins
Please publish latest version of widdershins as we are getting vulnerability issue with this package ajv@5.5.2. Currently I have installed widdershins@4.0.1.
[](https://snyk.io/test/npm/widdershins#SNYK-JS-AJV-584908)Prototype Pollution
Vulnerable module: [ajv](https://www.npmjs.com/package/ajv)
Introduced through: swagger2openapi@6.2.3
Detailed paths
Introduced through: widdershins@4.0.1 › swagger2openapi@6.2.3 › oas-validator@4.0.8 › ajv@5.5.2
Remediation: Upgrade to swagger2openapi@7.0.0.
Overview
ajv is an Another JSON Schema Validator
Affected versions of this package are vulnerable to Prototype Pollution. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
https://snyk.io/test/npm/widdershins
Please publish latest version of widdershins as we are getting vulnerability issue with this package ajv@5.5.2. Currently I have installed widdershins@4.0.1.
Affected versions of this package are vulnerable to Prototype Pollution. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Please provide solution for this.
Beta Was this translation helpful? Give feedback.
All reactions