1. Home
  2. Vulnerabilities
  3. CVE-2020-15366

CVE-2020-15366

CVSS v3.1 5.6 (Medium)
56% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 0.37 % (73th)
0.37% Progress
Affected Products 1
Advisories 13
NVD Status Modified
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Weaknesses
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE Status
PUBLISHED
NVD Status
Modified
CNA
MITRE
Published Date
2020-07-15 20:15:13
(4 years ago)
Updated Date
2024-06-21 19:15:16
(2 months ago)

Affected Products

Ajv.js

Configuration #1

    CPE23 From Up To
  Ajv.js Ajv 6.12.2 cpe:2.3:a:ajv.js:ajv:6.12.2