CVE-2020-15366 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-15366 Interim 1 4 2025-02-17T01:23:04Z current 2023-10-31T00:35:06Z 2025-02-17T01:23:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-15366 An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 nodejs-14.15.4-2.module+el8.3.0+9635+ffdf8381 nodejs-devel-14.15.4-2.module+el8.3.0+9635+ffdf8381 nodejs-docs-14.15.4-2.module+el8.3.0+9635+ffdf8381 nodejs-full-i18n-14.15.4-2.module+el8.3.0+9635+ffdf8381 nodejs-nodemon-2.0.3-1.module+el8.3.0+6519+9f98ed83 nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83 npm-6.14.10-1.14.15.4.2.module+el8.3.0+9635+ffdf8381 nodejs-14.15.4-2.module+el8.3.0+9635+ffdf8381 as a component of SUSE Liberty Linux 8 nodejs-devel-14.15.4-2.module+el8.3.0+9635+ffdf8381 as a component of SUSE Liberty Linux 8 nodejs-docs-14.15.4-2.module+el8.3.0+9635+ffdf8381 as a component of SUSE Liberty Linux 8 nodejs-full-i18n-14.15.4-2.module+el8.3.0+9635+ffdf8381 as a component of SUSE Liberty Linux 8 nodejs-nodemon-2.0.3-1.module+el8.3.0+6519+9f98ed83 as a component of SUSE Liberty Linux 8 nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83 as a component of SUSE Liberty Linux 8 npm-6.14.10-1.14.15.4.2.module+el8.3.0+9635+ffdf8381 as a component of SUSE Liberty Linux 8 An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) CVE-2020-15366 SUSE Liberty Linux 8:nodejs-14.15.4-2.module+el8.3.0+9635+ffdf8381 SUSE Liberty Linux 8:nodejs-devel-14.15.4-2.module+el8.3.0+9635+ffdf8381 SUSE Liberty Linux 8:nodejs-docs-14.15.4-2.module+el8.3.0+9635+ffdf8381 SUSE Liberty Linux 8:nodejs-full-i18n-14.15.4-2.module+el8.3.0+9635+ffdf8381 SUSE Liberty Linux 8:nodejs-nodemon-2.0.3-1.module+el8.3.0+6519+9f98ed83 SUSE Liberty Linux 8:nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83 SUSE Liberty Linux 8:npm-6.14.10-1.14.15.4.2.module+el8.3.0+9635+ffdf8381 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L