cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ajv.Js (1828af77-f78c-5dbb-bfab-ed6cd9987558) |
|---|---|
| Product | Ajv (c03569e3-9e83-5b70-b881-f0659b64dd5d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:cpan/data-jsonschema-ajv | purl2cpe | 2026-06-01 10:15:37.346047 |
| pkg:deb/debian/node-ajv | purl2cpe | 2026-06-01 10:15:37.346050 |
| pkg:deb/ubuntu/node-ajv | purl2cpe | 2026-06-01 10:15:37.346053 |
| pkg:github/ajv-validator/ajv | purl2cpe | 2026-06-01 10:15:37.346056 |
| pkg:maven/cljsjs/ajv | purl2cpe | 2026-06-01 10:15:37.346058 |
| pkg:npm/ajv | purl2cpe | 2026-06-01 10:15:37.346061 |
| pkg:sourceforge/ajv-json-schema.mirror | purl2cpe | 2026-06-01 10:15:37.346064 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-69873 | vulnerable | 2026-06-08 07:43:13.906110 | Details available: LOW (2.9) | Imported from gcve-enriched-dumps CVE data |

CVE-2025-69873 details:

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

Published: 2026-02-11T00:00:00.000Z
Updated: 2026-06-30T03:15:35.561Z