Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-15366

Good to know:

icon
icon

Date: July 15, 2020

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Language: JS

Severity Score

Related Resources (10)

https://security.netapp.com/advisory/ntap-20240621-0007
https://github.com/ajv-validator/ajv
https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f
https://github.com/ajv-validator/ajv/tags
https://access.redhat.com/security/cve/CVE-2020-15366
https://hackerone.com/bugs?subject=user&report_id=894259
https://nvd.nist.gov/vuln/detail/CVE-2020-15366
https://security.netapp.com/advisory/ntap-20240621-0007/
https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
https://www.mend.io/vulnerability-database/CVE-2020-15366

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-915

Top Fix

icon

Upgrade Version

Upgrade to version ajv - 6.12.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us