Miggo Logo

CVE-2020-15366:
Prototype Pollution in Ajv

5.6

CVSS Score
3.1

Basic Information

EPSS Score
0.56967%
Published
2/10/2022
Updated
6/21/2024
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
ajvnpm< 6.12.36.12.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from insufficient type validation in schema processing functions. The patch adds number validation checks to these limit-related schema keywords (maximum, maxItems, etc.), which were previously vulnerable to prototype pollution when non-number values were provided. The commit diff shows added validation logic in these specific template files, and the test cases demonstrate how malicious schemas with string values in numeric fields could pass schema validation but trigger errors during compilation after the fix. These functions directly handle schema property validation and were missing critical type checks that enabled prototype pollution attacks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in *jv.v*li**t*() in *jv (*k* *not**r JSON S***m* V*li**tor) *.**.*. * **r**ully *r**t** JSON s***m* *oul* ** provi*** t**t *llows *x**ution o* ot**r *o** *y prototyp* pollution. (W*il* untrust** s***m*s *r* r**omm*n*** ***ins

Reasoning

T** vuln*r**ility st*mm** *rom insu**i*i*nt typ* `v*li**tion` in s***m* pro**ssin* `*un*tions`. T** p*t** ***s num**r `v*li**tion` ****ks to t**s* limit-r*l*t** s***m* k*ywor*s (m*ximum, m*xIt*ms, *t*.), w*i** w*r* pr*viously vuln*r**l* to prototyp*