3 matches found
CVE-2026-48038
Joi (JavaScript) vulnerability CVE-2026-48038: In versions prior to 17.13.4 and 18.2.1, validation of deeply nested user input via recursive link() schemas can trigger an unhandled RangeError when validate() runs without try/catch, potentially crashing the process. Fixed in 17.13.4 and 18.2.1. CV...
CVE-2026-48038 joi: Uncaught RangeError on deeply nested input through recursive `link()` schemas
joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link schemas. When validate is called without try/catch in a reque...
GHSA-Q7CG-457F-VX79 joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
Impact Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. The blast radius depends on how the application invokes joi: - Highest impact: validate called without try/catch in a request handler would cause an unhandled...