CVE-2020-15366
Summary
| CVE | CVE-2020-15366 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-15 20:15:00 UTC |
| Updated | 2022-12-02 19:56:00 UTC |
| Description | An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) |
Risk And Classification
Problem Types: CWE-1321
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v6.12.3 · ajv-validator/ajv · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| Tags · ajv-validator/ajv · GitHub | MISC | github.com | Third Party Advisory |
| HackerOne | MISC | hackerone.com | Permissions Required |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 377388 Alibaba Cloud Linux Security Update for nodejs:14 (ALINUX3-SA-2021:0016)
- 940231 AlmaLinux Security Update for nodejs:10 (ALSA-2021:0548)
- 940254 AlmaLinux Security Update for nodejs:14 (ALSA-2021:0551)
- 940276 AlmaLinux Security Update for nodejs:12 (ALSA-2020:5499)
- 960263 Rocky Linux Security Update for nodejs:12 (RLSA-2020:5499)
- 960749 Rocky Linux Security Update for nodejs:14 (RLSA-2021:0551)
- 960843 Rocky Linux Security Update for nodejs:10 (RLSA-2021:0548)