ajv is vulnerable to Prototype Pollution
25
Low Risk
Ajv stores its registered formats in a plain JavaScript object, so a lookup by format name inherits properties from Object.prototype. When the $data option is enabled and a schema resolves the format keyword from a $data reference, an attacker-controlled value such as constructor, toString, or hasOwnProperty resolves to an inherited prototype function instead of undefined. Ajv then treats that inherited function as a format validator and invokes it, causing unexpected validation behavior or errors during validation. The fix stores the internal formats map as a null-prototype object (Object.create(null)) so prototype property names resolve to unknown formats.
You are affected if you are using a version that falls within the vulnerable range and you enable $data support (the $data option, or the experimental v5 option in older 3.x/4.x releases) and validate schemas that resolve the format keyword from $data-referenced, attacker-controllable data.
ajv is vulnerable to Prototype Pollution in versions 3.0.0 - 6.14.0 and 7.0.0 - 8.18.0.
Upgrade the ajv library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant