Published: 15/07/2020 Updated: 02/12/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.6 | Impact Score: 3.4 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Vulnerable Product	Search on Vulmon	Subscribe to Product
ajv.js ajv 6.12.2

Synopsis Moderate: nodejs:12 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: rh-nodejs10-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs10-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: nodejs:10 security update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...

Synopsis Moderate: rh-nodejs12-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs12-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: nodejs:14 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: rh-nodejs14-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs14-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Simple tool to parse json output of Snyk and output something that can be imported in Word or Excel (I use this when writing reports)

thethirdparty Simple tool to parse json output of Snyk and output something that can be imported in Word or Excel (I use this when writing reports) How to use This assumes you already have Snyk configured snyk test --file=composerlock --json > composerscanjson npm i --package-lock-only snyk test --file=package-lockjson --json > package-lockscanjson snyk test

CWE-1321 https://hackerone.com/bugs?subject=user&report_id=894259 https://github.com/ajv-validator/ajv/releases/tag/v6.12.3 https://github.com/ajv-validator/ajv/tags https://nvd.nist.gov https://github.com/jra89/thethirdparty https://access.redhat.com/errata/RHSA-2020:5499

CVE-2020-15366

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect