Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873

Summary IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validat...

exploit-surge-radar

Exploit Surge Radar Detect exploit-active vulnerability surge...

Linux Distros Unpatched Vulnerability : CVE-2025-69873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keywor...

GHSA-2G4F-4PWH-QVX6 ajv has ReDoS when using `$data` option

ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...

ajv has ReDoS when using `$data` option

ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

DEBIAN-CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

UBUNTU-CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

Ajv JSON schema validator 安全漏洞

Ajv JSON schema validator is an open-source JSON format verifier developed by Ajv. Versions of Ajv JSON schema validator prior to 8.17.1 contained a security vulnerability. This vulnerability arises from the possibility of a denial-of-service attack due to the use of the $data option, which may...

1-sep-ui (>=0.0.1 <=0.0.2), 5e-quill-editor (=0.0.19) +5563 more potentially affected by CVE-2025-69873 via ajv (>=6.0.0 <=6.12.6)

ajv NPM version =6.0.0, =0.0.1, =1.0.23, =1.0.0, =0.0.2, =1.0.0, =0.0.10, =0.0.3, =1.0.6, =0.4.0, =0.0.1-bate.30, =0.0.1, =0.0.20, =0.0.65 and more Source cves: CVE-2025-69873 Source advisory: SNYK:JS-AJV-15274295...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:ajv is an Another JSON Schema Validator Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to improper validation of the pattern keyword when combined with $data references. An attacker can cause the application to become...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

Linux Distros Unpatched Vulnerability : CVE-2020-15366

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution...

Security Bulletin: CVE-2020-15366 An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2.

Summary CVE-2020-15366 An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an...

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...

wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...

wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...