The vulnerability stemmed from insufficient type validation in schema processing functions. The patch adds number validation checks to these limit-related schema keywords (maximum, maxItems, etc.), which were previously vulnerable to prototype pollution when non-number values were provided. The commit diff shows added validation logic in these specific template files, and the test cases demonstrate how malicious schemas with string values in numeric fields could pass schema validation but trigger errors during compilation after the fix. These functions directly handle schema property validation and were missing critical type checks that enabled prototype pollution attacks.