4 matches found
CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
CVE-2025-69873
CVE-2025-69873 is an ReDoS in ajv when using the $data option. The vulnerability arises because the pattern keyword can take runtime data (JSON Pointer) and pass it to RegExp() without validation, enabling catastrophic backtracking. A sample payload with 31 characters can cause about 44 seconds o...
CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
PT-2026-7637
Name of the Vulnerable Software and Affected Versions ajv versions through 8.17.1 Description ajv Another JSON Schema Validator is susceptible to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data through JSON Pointer syntax $data...