Safety vulnerability ID: 74430
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of check-jsonschema are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data (CWE-349). This vulnerability allows attackers to inject and process untrusted $ref schemas alongside trusted schemas, potentially leading to cache poisoning or execution of malicious schemas. The attack vector involves crafting trusted schemas that include malicious $ref URLs, which are fetched and treated as trusted without proper validation. Vulnerable methods include schema loading and caching mechanisms. Exploitability is high if attackers can influence schema contents. Mitigation involves upgrading to versions where cache filenames are securely hashed using SHA256 and implementing strict validation of fetched schemas to ensure their integrity and authenticity.
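The mitigation described above (cache filenames derived by hashing the full URL with SHA256, plus a check on where a `$ref` is fetched from) is illustrated by the following Python example. It is added here and is not check-jsonschema's own code; the `RefCache` class, the `TRUSTED_HOSTS` allowlist, the `run_demo` helper and the sample schema documents are all constructed for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Hypothetical allowlist of hosts whose schemas this cache will fetch.
# The advisory names no hosts; these values are constructed for the example.
TRUSTED_HOSTS = frozenset({"schemas.trusted.example"})


def naive_cache_name(url: str) -> str:
    """Weak scheme: the cache file is named after the last path segment only.
    Two different URLs whose paths end the same way share one cache file, so a
    $ref pointing at an untrusted host can pre-fill (poison) the entry that a
    trusted schema will later read back as trusted."""
    return urlparse(url).path.rsplit("/", 1)[-1] or "index.json"


def hashed_cache_name(url: str) -> str:
    """Collision-resistant scheme: SHA256 of the full URL, so distinct URLs never
    map to the same cache file and the name can never escape the cache directory."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest() + ".json"


class RefCache:
    """Minimal on-disk cache for remote $ref targets with an origin allowlist."""

    def __init__(self, cache_dir: Path, fetcher, trusted_hosts=TRUSTED_HOSTS):
        self.cache_dir = Path(cache_dir)
        self.cache_dir.mkdir(parents=True, exist_ok=True)
        self.fetcher = fetcher          # callable(url) -> bytes, injected so the demo runs offline
        self.trusted_hosts = trusted_hosts
        self.fetch_log = []             # URLs actually fetched, for inspection

    def resolve(self, url: str) -> bytes:
        parsed = urlparse(url)
        # Refuse anything that is not HTTPS from an allowlisted host before touching the cache.
        if parsed.scheme != "https" or parsed.hostname not in self.trusted_hosts:
            raise ValueError(f"refusing to fetch $ref from untrusted location: {url}")
        path = self.cache_dir / hashed_cache_name(url)
        if path.exists():
            return path.read_bytes()
        data = self.fetcher(url)
        self.fetch_log.append(url)
        path.write_bytes(data)
        return data


# Constructed sample documents standing in for remote schemas.
SAMPLE_DOCS = {
    "https://schemas.trusted.example/v1/base.json":
        b'{"type": "object", "required": ["id"]}',
    "https://schemas.untrusted.example/x/base.json":
        b'{"type": "object"}',  # a permissive look-alike with the same file name
}


def run_demo() -> dict:
    """Exercise both naming schemes and the allowlist; returns results for checking."""
    trusted = "https://schemas.trusted.example/v1/base.json"
    untrusted = "https://schemas.untrusted.example/x/base.json"
    results = {
        "naive_collides": naive_cache_name(trusted) == naive_cache_name(untrusted),
        "hashed_collides": hashed_cache_name(trusted) == hashed_cache_name(untrusted),
    }
    with tempfile.TemporaryDirectory() as d:
        cache = RefCache(Path(d), lambda u: SAMPLE_DOCS[u])
        first = cache.resolve(trusted)
        second = cache.resolve(trusted)  # served from disk, no second fetch
        results["trusted_doc"] = first
        results["cache_hit"] = first == second and len(cache.fetch_log) == 1
        try:
            cache.resolve(untrusted)
            results["untrusted_rejected"] = False
        except ValueError:
            results["untrusted_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The two naming functions show the core of the cache-poisoning risk: with `naive_cache_name` the trusted and untrusted URLs land on the same `base.json` entry, whereas `hashed_cache_name` keeps them apart. The allowlist check in `resolve` is the second half of the mitigation the advisory calls for; in a real deployment it would be complemented by verifying the fetched document itself before it is cached.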
Latest version: 0.29.4
A jsonschema CLI and pre-commit hook
This vulnerability has no description