Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kh5k-ynnf-2bbx

Summary

Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Aliases

alias	CVE-2020-15366

alias	GHSA-v88g-cgmw-v5xw

Fixed_packages

url	pkg:deb/debian/node-ajv@6.12.4-1?distro=trixie
purl	pkg:deb/debian/node-ajv@6.12.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@6.12.4-1%3Fdistro=trixie

url pkg:deb/debian/node-ajv@6.12.6-2

purl pkg:deb/debian/node-ajv@6.12.6-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1znw-5dwm-7ydy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@6.12.6-2

url pkg:deb/debian/node-ajv@6.12.6-2?distro=trixie

purl pkg:deb/debian/node-ajv@6.12.6-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1znw-5dwm-7ydy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@6.12.6-2%3Fdistro=trixie

url pkg:deb/debian/node-ajv@6.12.6-3?distro=trixie

purl pkg:deb/debian/node-ajv@6.12.6-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1znw-5dwm-7ydy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@6.12.6-3%3Fdistro=trixie

url pkg:deb/debian/node-ajv@8.12.0~ds%2B~2.1.1-5?distro=trixie

purl pkg:deb/debian/node-ajv@8.12.0~ds%2B~2.1.1-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1znw-5dwm-7ydy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@8.12.0~ds%252B~2.1.1-5%3Fdistro=trixie

url pkg:deb/debian/node-ajv@8.17.1~ds%2B~3.0.1%2B~3.1.0-4?distro=trixie

purl pkg:deb/debian/node-ajv@8.17.1~ds%2B~3.0.1%2B~3.1.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1znw-5dwm-7ydy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@8.17.1~ds%252B~3.0.1%252B~3.1.0-4%3Fdistro=trixie

url	pkg:deb/debian/node-ajv@8.18.0~ds%2B~cs6.1.1-1?distro=trixie
purl	pkg:deb/debian/node-ajv@8.18.0~ds%2B~cs6.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@8.18.0~ds%252B~cs6.1.1-1%3Fdistro=trixie

url pkg:npm/ajv@6.12.3

purl pkg:npm/ajv@6.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1znw-5dwm-7ydy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ajv@6.12.3

Affected_packages

url pkg:deb/debian/node-ajv@5.0.0-1

purl pkg:deb/debian/node-ajv@5.0.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kh5k-ynnf-2bbx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ajv@5.0.0-1

url pkg:npm/ajv@6.12.2

purl pkg:npm/ajv@6.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1znw-5dwm-7ydy

vulnerability	VCID-kh5k-ynnf-2bbx

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ajv@6.12.2

url pkg:rpm/redhat/automation-hub@4.2.2-1?arch=el7pc

purl pkg:rpm/redhat/automation-hub@4.2.2-1?arch=el7pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-hub@4.2.2-1%3Farch=el7pc

url pkg:rpm/redhat/automation-hub@4.2.2-1?arch=el8pc

purl pkg:rpm/redhat/automation-hub@4.2.2-1?arch=el8pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-hub@4.2.2-1%3Farch=el8pc

url pkg:rpm/redhat/python3-django@2.2.18-1?arch=el7pc

purl pkg:rpm/redhat/python3-django@2.2.18-1?arch=el7pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-31xv-z8c6-a7bg

vulnerability	VCID-895a-ydc5-zfg6

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-es1t-7196-4kbb

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-mqaz-y2xw-sya2

vulnerability	VCID-q4x5-bxn7-5yht

vulnerability	VCID-t684-yp58-hkg8

vulnerability	VCID-vhdm-w6p1-uuh9

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3-django@2.2.18-1%3Farch=el7pc

url pkg:rpm/redhat/python3-django@2.2.18-1?arch=el8pc

purl pkg:rpm/redhat/python3-django@2.2.18-1?arch=el8pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3-django@2.2.18-1%3Farch=el8pc

url pkg:rpm/redhat/python-bleach@3.3.0-1?arch=el8pc

purl pkg:rpm/redhat/python-bleach@3.3.0-1?arch=el8pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-bleach@3.3.0-1%3Farch=el8pc

url pkg:rpm/redhat/python-bleach@3.3.0-1?arch=el7pc

purl pkg:rpm/redhat/python-bleach@3.3.0-1?arch=el7pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-bleach@3.3.0-1%3Farch=el7pc

url pkg:rpm/redhat/python-bleach-allowlist@1.0.3-1?arch=el7pc

purl pkg:rpm/redhat/python-bleach-allowlist@1.0.3-1?arch=el7pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-bleach-allowlist@1.0.3-1%3Farch=el7pc

url pkg:rpm/redhat/python-bleach-allowlist@1.0.3-1?arch=el8pc

purl pkg:rpm/redhat/python-bleach-allowlist@1.0.3-1?arch=el8pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-bleach-allowlist@1.0.3-1%3Farch=el8pc

url pkg:rpm/redhat/python-galaxy-importer@0.2.15-1?arch=el7pc

purl pkg:rpm/redhat/python-galaxy-importer@0.2.15-1?arch=el7pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-galaxy-importer@0.2.15-1%3Farch=el7pc

url pkg:rpm/redhat/python-galaxy-importer@0.2.15-1?arch=el8pc

purl pkg:rpm/redhat/python-galaxy-importer@0.2.15-1?arch=el8pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-galaxy-importer@0.2.15-1%3Farch=el8pc

url pkg:rpm/redhat/python-galaxy-ng@4.2.2-1?arch=el8pc

purl pkg:rpm/redhat/python-galaxy-ng@4.2.2-1?arch=el8pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-galaxy-ng@4.2.2-1%3Farch=el8pc

url pkg:rpm/redhat/python-galaxy-ng@4.2.2-1?arch=el7pc

purl pkg:rpm/redhat/python-galaxy-ng@4.2.2-1?arch=el7pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-galaxy-ng@4.2.2-1%3Farch=el7pc

url pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1?arch=el8pc

purl pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1?arch=el8pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1%3Farch=el8pc

url pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1?arch=el7pc

purl pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1?arch=el7pc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-1r67-1k83-8qej

vulnerability	VCID-9k9t-vp1a-z7bt

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-mqaz-y2xw-sya2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1%3Farch=el7pc

url pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7

purl pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b6t-hfzu-7uf5

vulnerability	VCID-7tyw-ppyt-zqgr

vulnerability	VCID-cqs6-2ryh-43gj

vulnerability	VCID-e2wc-na6c-c3cr

vulnerability	VCID-fu8u-pxaa-43be

vulnerability	VCID-jqtk-shbr-nkaw

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-v5h1-gpt1-97bj

vulnerability	VCID-zj4d-e8r7-ufg3

vulnerability	VCID-ztt4-vnk7-7ycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2%3Farch=el7

url pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2?arch=el7

purl pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fu8u-pxaa-43be

vulnerability	VCID-jqtk-shbr-nkaw

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-m4sn-7wuq-e3cd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2%3Farch=el7

url pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2?arch=el7

purl pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7tyw-ppyt-zqgr

vulnerability	VCID-fu8u-pxaa-43be

vulnerability	VCID-kh5k-ynnf-2bbx

vulnerability	VCID-m4sn-7wuq-e3cd

vulnerability	VCID-v5h1-gpt1-97bj

vulnerability	VCID-zj4d-e8r7-ufg3

vulnerability	VCID-ztt4-vnk7-7ycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15366

reference_id

reference_type

scores

value	0.00352
scoring_system	epss
scoring_elements	0.57641
published_at	2026-04-21T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57667
published_at	2026-04-16T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57637
published_at	2026-04-13T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57657
published_at	2026-04-12T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57678
published_at	2026-04-11T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57663
published_at	2026-04-18T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57606
published_at	2026-04-07T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.5763
published_at	2026-04-04T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57609
published_at	2026-04-02T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57659
published_at	2026-04-08T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58193
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15366

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366

reference_url

https://github.com/ajv-validator/ajv

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv

reference_url

https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f

reference_url

https://github.com/ajv-validator/ajv/releases/tag/v6.12.3

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv/releases/tag/v6.12.3

reference_url

https://github.com/ajv-validator/ajv/tags

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv/tags

reference_url

https://hackerone.com/bugs?subject=user&report_id=894259

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/bugs?subject=user&report_id=894259

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15366

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15366

reference_url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857977
reference_id	1857977
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857977

reference_url

https://github.com/advisories/GHSA-v88g-cgmw-v5xw

reference_id

GHSA-v88g-cgmw-v5xw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v88g-cgmw-v5xw

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

reference_url	https://access.redhat.com/errata/RHSA-2020:5305
reference_id	RHSA-2020:5305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5305

reference_url	https://access.redhat.com/errata/RHSA-2020:5499
reference_id	RHSA-2020:5499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5499

reference_url	https://access.redhat.com/errata/RHSA-2021:0421
reference_id	RHSA-2021:0421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0421

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

reference_url	https://access.redhat.com/errata/RHSA-2021:0551
reference_id	RHSA-2021:0551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0551

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3917
reference_id	RHSA-2021:3917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3917

Weaknesses

cwe_id	1321
name	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description	The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

cwe_id	915
name	Improperly Controlled Modification of Dynamically-Determined Object Attributes
description	The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

cwe_id	471
name	Modification of Assumed-Immutable Data (MAID)
description	The product does not properly protect an assumed-immutable element from being modified by an attacker.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kh5k-ynnf-2bbx

Vulnerability Instance