266 matches found
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
CentOS 8 : nodejs:12 (CESA-2020:5499)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5499 advisory. - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function CVE-2020-15366 - nodejs-yargs-parser: prototype pollution...
Oracle Linux 8 : nodejs:12 (ELSA-2020-5499)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5499 advisory. nodejs 1:12.19.1-1 - Resolves: RHBZ1901044, 1901045, 1901046, 1901047 - c-ares, ajv and y18n CVEs and yarn installability issues Tenable has extracted...
Moderate: Red Hat Security Advisory: nodejs:12 security and bug fix update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
UBUNTU-CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
Code injection
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
CVE-2020-15366
CVE-2020-15366 affects Ajv (Another JSON Schema Validator) 6.12.2. A crafted JSON schema can trigger a prototype pollution vulnerability in the ajv.validate() function, potentially allowing execution of arbitrary code. This is explicitly described as enabling code execution via polluted prototype...
CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
Node.js third-party modules: Arbitrary code execution via untrusted schemas in ajv
I would like to report an arbitrary code execution vulnerability in ajv. It allows to execute arbitrary code if an attacker-controlled schema is passed to the module. I have confirmed that this should be treated as a security issue. I labeled this as low because this is an unusual scenario, usual...
Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow
Checklist and tools for increasing security of Apache Airflow. DISCLAIMER This project NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them. Contents The purpose of this project is provide tools to increase security of Apache Airflow. installations. This...