VDB
CVE-2020-15366
CVE-2020-15366
PUBLISHED
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
EPSS 0.33% · 56.4th percentile
Risk Scores
EPSS Score
0.33%
56.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | node-ajv | 0, 6.10.2-1 |
| Ubuntu:18.04:LTS | node-ajv | 5.0.0-1, 0 |
Exploit Intelligence
- https://hackerone.com/bugs?subject=user&report_id=894259 (canonical)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
Timeline
- Oct 23, 2018 PoC Published
- Jul 15, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 21, 2021 CVE Updated
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-15366 third-party-advisory
- https://github.com/ajv-validator/ajv/releases/tag/v6.12.3 third-party-advisory
- https://github.com/ajv-validator/ajv/tags third-party-advisory
- https://hackerone.com/bugs?subject=user&report_id=894259 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15366 third-party-advisory