CVE-2020-15366 – ajv

Package

Manager: npm
Name: ajv
Vulnerable Version: >=0 <6.12.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00331 pctl0.55399

Details

Prototype Pollution in Ajv An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Metadata

Created: 2022-02-10T23:30:59Z
Modified: 2024-06-21T21:33:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-v88g-cgmw-v5xw/GHSA-v88g-cgmw-v5xw.json
CWE IDs: ["CWE-1321", "CWE-915"]
Alternative ID: GHSA-v88g-cgmw-v5xw
Finding: F390
Auto approve: 1