json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:L/Au:N/C:P/I:P/A:P
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Debian | |
Json-schema Project | |
Redhat | |
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat Advanced Cluster Management for Kubernetes 2 | |||
acm-grafana-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
acm-must-gather-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
acm-operator-bundle-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
application-ui-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
assisted-image-service-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
cert-policy-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
cluster-backup-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
clusterclaims-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
cluster-curator-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
clusterlifecycle-state-metrics-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
cluster-proxy-addon-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
config-policy-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
console-api-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
console-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
discovery-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
endpoint-monitoring-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
governance-policy-propagator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
governance-policy-spec-sync-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
governance-policy-status-sync-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
governance-policy-template-sync-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
grafana-dashboard-loader-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
grc-ui-api-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
grc-ui-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
iam-policy-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
insights-client-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
insights-metrics-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
klusterlet-addon-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
klusterlet-addon-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
klusterlet-operator-bundle-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
kube-rbac-proxy-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
kube-state-metrics-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
managedcluster-import-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
management-ingress-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
memcached-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
memcached-exporter-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
metrics-collector-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicloud-integrations-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicloud-manager-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multiclusterhub-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multiclusterhub-repo-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicluster-observability-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicluster-operators-application-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicluster-operators-channel-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicluster-operators-deployable-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicluster-operators-placementrule-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicluster-operators-subscription-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
multicluster-operators-subscription-release-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
node-exporter-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
observatorium-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
observatorium-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
openshift-hive-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
placement-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
prometheus-alertmanager-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
prometheus-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
provider-credential-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
rbac-query-proxy-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
redisgraph-tls-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
registration-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
registration-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
rhacm-agent-service-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
rhacm-assisted-installer-agent-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
rhacm-assisted-installer-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
rhacm-assisted-installer-reporter-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
search-aggregator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
search-api-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
search-collector-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
search-operator-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
search-ui-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
submariner-addon-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
thanos-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
thanos-receive-controller-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
volsync-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
volsync-mover-rclone-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
volsync-mover-restic-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
volsync-mover-rsync-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
work-container | cpe:/a:redhat:acm:2.4::el8 | RHSA-2022:0735 | 2022-03-03T00:00:00Z |
acm-cluster-proxy-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
acm-governance-policy-addon-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
acm-grafana-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
acm-must-gather-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
acm-operator-bundle-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
acm-prometheus-config-reloader-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
acm-prometheus-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
acm-volsync-addon-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
cert-policy-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
cluster-backup-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
cluster-proxy-addon-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
config-policy-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
console-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
endpoint-monitoring-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
governance-policy-propagator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
governance-policy-spec-sync-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
governance-policy-status-sync-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
governance-policy-template-sync-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
grafana-dashboard-loader-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
iam-policy-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
insights-client-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
insights-metrics-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
klusterlet-addon-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
klusterlet-addon-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
kube-rbac-proxy-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
kube-state-metrics-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
management-ingress-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
memcached-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
memcached-exporter-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
metrics-collector-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
multicloud-integrations-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
multiclusterhub-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
multiclusterhub-repo-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
multicluster-observability-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
multicluster-operators-application-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
multicluster-operators-channel-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
multicluster-operators-subscription-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
node-exporter-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
observatorium-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
observatorium-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
prometheus-alertmanager-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
prometheus-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
rbac-query-proxy-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
redisgraph-tls-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
search-aggregator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
search-api-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
search-collector-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
search-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
submariner-addon-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
thanos-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
thanos-receive-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2022:4956 | 2022-06-09T00:00:00Z |
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | |||
rhacm2/application-ui-rhel8:v2.3.6-9 | cpe:/a:redhat:acm:2.3::el8 | RHSA-2022:0595 | 2022-03-04T00:00:00Z |
rhacm2/console-api-rhel8:v2.3.6-9 | cpe:/a:redhat:acm:2.3::el8 | RHSA-2022:0595 | 2022-03-04T00:00:00Z |
rhacm2/grc-ui-api-rhel8:v2.3.6-10 | cpe:/a:redhat:acm:2.3::el8 | RHSA-2022:0595 | 2022-03-04T00:00:00Z |
rhacm2/grc-ui-rhel8:v2.3.6-8 | cpe:/a:redhat:acm:2.3::el8 | RHSA-2022:0595 | 2022-03-04T00:00:00Z |
Red Hat Enterprise Linux 8 | |||
nodejs:12-8060020220523160029.ad008a3a | cpe:/a:redhat:enterprise_linux:8 | RHEA-2022:5139 | 2022-06-21T00:00:00Z |
nodejs:16-8050020211206113934.c5368500 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2021:5171 | 2021-12-16T00:00:00Z |
nodejs:14-8050020211213115342.c5368500 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2022:0350 | 2022-02-01T00:00:00Z |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | |||
nodejs:12-8010020220518102644.c27ad7f8 | cpe:/a:redhat:rhel_e4s:8.1 | RHEA-2022:4925 | 2022-06-07T00:00:00Z |
Red Hat Enterprise Linux 8.2 Extended Update Support | |||
nodejs:12-8020020220523154454.4cda2c84 | cpe:/a:redhat:rhel_eus:8.2 | RHEA-2022:5221 | 2022-06-28T00:00:00Z |
Red Hat Enterprise Linux 8.4 Extended Update Support | |||
nodejs:12-8040020220523155137.522a0ee4 | cpe:/a:redhat:rhel_eus:8.4 | RHEA-2022:5615 | 2022-07-19T00:00:00Z |
nodejs:14-8040020211213111158.522a0ee4 | cpe:/a:redhat:rhel_eus:8.4 | RHSA-2022:0246 | 2022-01-25T00:00:00Z |
Red Hat OpenShift distributed tracing 2 | |||
opentelemetry-collector-container | cpe:/a:redhat:openshift_distributed_tracing:2.6::el8 | RHSA-2022:7055 | 2022-10-19T00:00:00Z |
opentelemetry-operator-container | cpe:/a:redhat:openshift_distributed_tracing:2.6::el8 | RHSA-2022:7055 | 2022-10-19T00:00:00Z |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | |||
rh-nodejs14-nodejs-0:14.18.2-1.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2022:0041 | 2022-01-06T00:00:00Z |
rh-nodejs14-nodejs-nodemon-0:2.0.3-6.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2022:0041 | 2022-01-06T00:00:00Z |
rh-nodejs12-nodejs-0:12.22.12-2.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2022:4914 | 2022-06-06T00:00:00Z |
History
Sun, 08 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.4::el8 cpe:/a:redhat:acm:2.5::el8 |
Mon, 19 Aug 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.5::el8 |
MITRE
Status: PUBLISHED
Assigner: @huntrdev
Published: 2021-11-13T00:00:00
Updated: 2024-08-03T17:09:09.702Z
Reserved: 2021-11-02T00:00:00
Link: CVE-2021-3918
Vulnrichment
No data.
NVD
Status: Modified
Published: 2021-11-13T09:15:06.737
Modified: 2024-11-21T06:22:46.393
Link: CVE-2021-3918
Redhat