Home > Vulnerability Database > CVE-2020-15366

Mend.io Vulnerability Database

CVE-2020-15366

Good to know:

Date: July 15, 2020

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Language: JS

Severity Score

5.6

Related Resources (8)

Url: https://github.com/ajv-validator/ajv/tags

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15366

Url: https://access.redhat.com/security/cve/CVE-2020-15366

Url: https://hackerone.com/bugs?subject=user&report_id=894259

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-15366

Url: https://security-tracker.debian.org/tracker/CVE-2020-15366

Url: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3

Url: https://www.mend.io/vulnerability-database/CVE-2020-15366

Severity Score

5.6

Weakness Type (CWE)

Input Validation

CWE-20

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version ajv - 6.12.3

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-15366

Good to know:

Date: July 15, 2020

Language: JS

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?