Debian-LTS has issued an advisory today (December 7):
The issue is fixed upstream in 0.4.0.
Mageia 8 is also affected.
Fixed upstream in 0.4.0
This pkg has been quiet since it was introduced over 4y ago!
Assigning this update to its registered maintainer Stig.
CVE-2021-3918: node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes.
Uploaded to core/updates_testing
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
No wiki, no previous updates, so searching:
# urpmq --whatrequires nodejs-json-schema
# urpmq --whatrequires-recursive nodejs-json-schema
This all looks like developer's territory to me, so I OK on clean install, unless someone jumps in with better ideas.
Validating. Advisory in comment 2.
An update for this issue has been pushed to the Mageia Updates repository.