exploitDog

CVE-2020-15366

Published: 04 Jul 2020
Source: redhat
CVSS3: 5.6

Description

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.

Statement

In both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-ajv library to authenticated users only, therefore the impact is low.

Affected packages

| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | kiali | Fix deferred | | |
| OpenShift Service Mesh 1 | servicemesh-grafana | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-console | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Fix deferred | | |
| Red Hat OpenShift Virtualization 1 | kubevirt-web-ui | Will not fix | | |
| Red Hat Automation Hub 4.2 for RHEL 7 | automation-hub | Fixed | RHSA-2021:0781 | 09.03.2021 |
| Red Hat Automation Hub 4.2 for RHEL 7 | python3-django | Fixed | RHSA-2021:0781 | 09.03.2021 |
| Red Hat Automation Hub 4.2 for RHEL 7 | python-bleach | Fixed | RHSA-2021:0781 | 09.03.2021 |
| Red Hat Automation Hub 4.2 for RHEL 7 | python-bleach-allowlist | Fixed | RHSA-2021:0781 | 09.03.2021 |
| Red Hat Automation Hub 4.2 for RHEL 7 | python-galaxy-importer | Fixed | RHSA-2021:0781 | 09.03.2021 |


Additional information

Status: Moderate
Flaw: CWE-471
https://bugzilla.redhat.com/show_bug.cgi?id=1857977
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

CVSS3: 5.6 Medium

Related vulnerabilities

CVSS3: 5.6
ubuntu
about 5 years ago

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

CVSS3: 5.6
nvd
about 5 years ago

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

CVSS3: 5.6
debian
about 5 years ago

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...

CVSS3: 5.6
github
more than 3 years ago

Prototype Pollution in Ajv

oracle-oval
more than 4 years ago

ELSA-2020-5499: nodejs:12 security and bug fix update (MODERATE)
