V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2020-15366
DEB
Medium

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provi…

CVSS
5.6
Medium
EPSS
0.02
p81
Published
2020-01-01
Updated
2020-01-01
Description

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Tags · CWE
Pre-auth
CWE-1321
CWE-471
CAPEC-1
CAPEC-77
CAPEC-180
CAPEC-384
CAPEC-385
CAPEC-386
CAPEC-387
CAPEC-388
Affected products
Automation-hubAutomation-hubNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNode-ajvNodejs
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Timeline
2020-01-01
Published
2020-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: L
Low (L)
Integrity Impact
I: L
Low (L)
Availability Impact
A: L
Low (L)
Exploit indicators
EPSS
0.023 · p81
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
automation-hubTracked
automation-hubTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
node-ajvTracked
nodejsTracked
Showing first 20 of 44
Source databases
DEB
CVE
RED
UBU