Vulnerability

CVE-2020-15366

 Report advisory or correction

CVSS Score 5.6 medium

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-1321

References

https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15366

[CVE-2020-15366] CWE-1321

Description

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up
See ajv package information