271 matches found
CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
CVE-2020-15366
CVE-2020-15366 affects Ajv (Another JSON Schema Validator) 6.12.2. A crafted JSON schema can trigger a prototype pollution vulnerability in the ajv.validate() function, potentially allowing execution of arbitrary code. This is explicitly described as enabling code execution via polluted prototype...
CVE-2020-15366
An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
Node.js third-party modules: Arbitrary code execution via untrusted schemas in ajv
I would like to report an arbitrary code execution vulnerability in ajv. It allows to execute arbitrary code if an attacker-controlled schema is passed to the module. I have confirmed that this should be treated as a security issue. I labeled this as low because this is an unusual scenario, usual...
Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow
Checklist and tools for increasing security of Apache Airflow. DISCLAIMER This project NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them. Contents The purpose of this project is provide tools to increase security of Apache Airflow. installations. This...
@cameronhunter/jest-json-schema (=2.1.0), @limedocs/core (>=1.0.0-beta.1 <=1.0.0-beta.13) +3 more potentially affected by unknown CVE via url-relative (=1.0.0)
url-relative NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on url-relative and may be impacted: - @cameronhunter/jest-json-schema =2.1.0 - @limedocs/core =1.0.0-beta.1, =0.9.0, =0.16.16 Source cves: unknown CVE Source advisory:...
Fedora Update for jackson-module-jsonSchema FEDORA-2019-df57551f6d
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: jackson-module-jsonSchema-2.9.8-1.fc29
Add-on module for to support JSON Schema version 3 generation...
[SECURITY] Fedora 27 Update: nodejs-JSV-4.0.2-12.fc27
JSV is a JavaScript implementation of a extendable, fully compliant JSON Schema validator with the following features: The fastest extendable JSON validator available! Complete implementation of all current JSON Schema draft revisions. Supports creating individual environments sandboxes that...
[SECURITY] Fedora 28 Update: nodejs-JSV-4.0.2-12.fc28
JSV is a JavaScript implementation of a extendable, fully compliant JSON Schema validator with the following features: The fastest extendable JSON validator available! Complete implementation of all current JSON Schema draft revisions. Supports creating individual environments sandboxes that...
Man In The Middle (mitm)
json-schema is vulnerable to man-in-the-middle MitM attacks. The rubgems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct MitM attacks...