CVE-2020-15366

CVSS v3 Score: 5.6 (Medium)
CVSS v2 Score: 6.8 (Medium)

Vulnerability Description

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

CVSS: 5.6 (Medium)

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

CVSS: 5.5 (Medium)

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did no...

CVSS: 5.4 (Medium)

Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.

CVSS: 5.3 (Medium)

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused ...

CVSS: 5.3 (Medium)

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

CVSS: 5.3 (Medium)

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation...