CVE-2020-15366

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15366

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15366.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15366

Aliases

GHSA-v88g-cgmw-v5xw

Related

Published

2020-07-15T20:15:13Z

Modified

2024-09-11T02:00:07Z

Severity

5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

References

Affected packages

Debian:11 / node-ajv

Package

Name: node-ajv
Purl: pkg:deb/debian/node-ajv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-ajv

Package

Name: node-ajv
Purl: pkg:deb/debian/node-ajv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / node-ajv

Package

Name: node-ajv
Purl: pkg:deb/debian/node-ajv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}