CVE-2020-15366

Description

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Risk Information

Base Score

5.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

Exploitation Probability

0.352

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4	Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15	Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0	Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11	Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.2	Windows
(RHSA-2020:5499) nodejs:12 security and bug fix update nodejs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm	Linux
(RHSA-2020:5499) nodejs:12 security and bug fix update nodejs-debugsource-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm	Linux
(RHSA-2020:5499) nodejs:12 security and bug fix update nodejs-devel-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm	Linux
(RHSA-2020:5499) nodejs:12 security and bug fix update nodejs-docs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.noarch.rpm	Linux
(RHSA-2020:5499) nodejs:12 security and bug fix update nodejs-full-i18n-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm	Linux
(RHSA-2020:5499) nodejs:12 security and bug fix update npm-6.14.8-1.12.19.1.1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-debugsource-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-devel-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-docs-14.15.4-2.module+el8.3.0+9635+ffdf8381.noarch.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-full-i18n-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-nodemon-2.0.3-1.module+el8.3.0+6519+9f98ed83.noarch.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm	Linux
(RHSA-2021:0551) nodejs:14 security and bug fix update npm-6.14.10-1.14.15.4.2.module+el8.3.0+9635+ffdf8381.x86_64.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-debuginfo-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-debugsource-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-devel-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-docs-10.23.1-1.module+el8.3.0+9502+012d8a97.noarch.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-full-i18n-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm	Linux
(RHSA-2021:0548)Moderate: security update nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm	Linux
(RHSA-2021:0548)Moderate: security update npm-6.14.10-1.10.23.1.1.module+el8.3.0+9502+012d8a97.x86_64.rpm	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234