CVE-2020-7777: Code Injection in jsen
CVSS Score: 7.2 (CVSS v3.1)
Basic Information
CVE ID: CVE-2020-7777
GHSA ID:
EPSS Score: 0.7577%
CWE:
Published: 2/10/2022
Updated: 9/11/2023
KEV Status: No
Technology: JavaScript
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
jsen | npm | <= 0.6.6 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability occurs in the processing of the 'required' field in JSON schemas. The code responsible for handling the 'required' keyword (the `keywords.required` function) dynamically generates validation checks by concatenating user-controlled schema values into executable code strings. The PoC demonstrates that malicious values in the 'required' array (containing JavaScript code) get directly embedded into the generated validation function. This unsanitized code is then executed via `Function.apply()`, leading to arbitrary code execution. The code at line 875 of `jsen.js` (referenced in advisories) shows the pattern of building executable strings from schema values without proper sanitization.
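
The pattern described above, shown beside a hardened form, as an added example that is not jsen's source code. The names `compileRequiredUnsafe`, `compileRequiredSafe` and `hostileSchema` are hypothetical, the schema is constructed for illustration, and the embedded expression only sets a marker variable.

```javascript
// Added illustration of the pattern described above; this is not jsen's source.
// compileRequiredUnsafe/compileRequiredSafe and the schemas are hypothetical.

// Vulnerable pattern: schema strings are concatenated into function source.
function compileRequiredUnsafe(schema) {
  const checks = (schema.required || []).map(
    (key) => "data['" + key + "'] !== undefined"
  );
  return new Function('data', 'return ' + ['true', ...checks].join(' && ') + ';');
}

// Hardened form: reject non-string names and emit each name as an escaped
// string literal via JSON.stringify, so it can never terminate the literal.
function compileRequiredSafe(schema) {
  const checks = (schema.required || []).map((key) => {
    if (typeof key !== 'string') {
      throw new TypeError('"required" entries must be strings');
    }
    return 'data[' + JSON.stringify(key) + '] !== undefined';
  });
  return new Function('data', 'return ' + ['true', ...checks].join(' && ') + ';');
}

// Constructed schema: the entry closes the quoted property name and appends
// an expression that only sets a harmless marker.
const hostileSchema = {
  required: ["id'] !== undefined, globalThis.__marker = 'ran', data['id"],
};

function demo() {
  delete globalThis.__marker;
  const unsafeResult = compileRequiredUnsafe(hostileSchema)({ id: 1 });
  const unsafeRan = globalThis.__marker === 'ran'; // schema text ran as code
  delete globalThis.__marker;
  const safeResult = compileRequiredSafe(hostileSchema)({ id: 1 });
  const safeRan = globalThis.__marker === 'ran'; // name was treated as data
  return { unsafeResult, unsafeRan, safeResult, safeRan };
}

console.log(demo());
```

In the hardened form the whole entry is looked up as a single, oddly named property, so validation fails for `{ id: 1 }` instead of running the embedded expression.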