Improper Input Validation in jquery.json-viewer Library for Node.js
CVE-2022-30241

6.1MEDIUM

Key Information:

Vendor: Jquery Json-viewer Project
Status: Jquery Json-viewer
Vendor: CVE Published:; 4 May 2022

Summary

The jquery.json-viewer library for Node.js lacks proper character escaping, specifically for characters like '<' within JSON objects. This oversight can potentially allow attackers to exploit the library, leading to script injection vulnerabilities through crafted JSON data. Users of versions 1.4.0 and below should take precautions to mitigate the risk associated with this vulnerability.

References

https://github.com/abodelot/jquery.json-viewer/pull/26

x_refsource_MISC

https://www.npmjs.com/package/jquery.json-viewer

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 4, 2022
Vulnerability Reserved
May 4, 2022