5 matches found

ATTACKERKB
added 2026/02/11 12:0 a.m. · 8 views

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

7.5 CVSS · 6.1 AI score · 0.00492 EPSS
Exploits 1 · References 7 · Affected Software 1
CVE
added 2026/02/11 12:0 a.m. · 26 views

CVE-2025-69873

CVE-2025-69873 is an ReDoS in ajv when using the $data option. The vulnerability arises because the pattern keyword can take runtime data (JSON Pointer) and pass it to RegExp() without validation, enabling catastrophic backtracking. A sample payload with 31 characters can cause about 44 seconds o...

7.5 CVSS · 6.1 AI score · 0.00492 EPSS
Exploits 1 · References 31
Debian CVE
added 2026/02/11 12:0 a.m. · 4 views

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

7.5 CVSS · 6.4 AI score · 0.00492 EPSS
Exploits 1
Positive Technologies
added 2025/01/01 12:0 a.m. · 15 views

PT-2026-7637

Name of the Vulnerable Software and Affected Versions: ajv versions through 8.17.1 Description: ajv Another JSON Schema Validator is susceptible to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data through JSON Pointer syntax $data...

7.5 CVSS · 5.5 AI score · 0.00492 EPSS
Exploits 1 · References 345
Positive Technologies
added 2021/11/04 12:0 a.m. · 14 views

PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2

Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7 graphql-playground-react versions prior to 1.7.28 Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...

7.1 CVSS · 6.5 AI score · 0.01182 EPSS
Exploits 0 · References 16