
cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*

Part: a | Version: * | Update: *

Vendor: Ajv.Js (1828af77-f78c-5dbb-bfab-ed6cd9987558)
Product: Ajv (c03569e3-9e83-5b70-b881-f0659b64dd5d)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:cpan/data-jsonschema-ajv | purl2cpe | 2026-06-01 10:15:37.346047
pkg:deb/debian/node-ajv | purl2cpe | 2026-06-01 10:15:37.346050
pkg:deb/ubuntu/node-ajv | purl2cpe | 2026-06-01 10:15:37.346053
pkg:github/ajv-validator/ajv | purl2cpe | 2026-06-01 10:15:37.346056
pkg:maven/cljsjs/ajv | purl2cpe | 2026-06-01 10:15:37.346058
pkg:npm/ajv | purl2cpe | 2026-06-01 10:15:37.346061
pkg:sourceforge/ajv-json-schema.mirror | purl2cpe | 2026-06-01 10:15:37.346064

Vulnerability references

Identifier | CPE applicability | Submitted | db.gcve.eu details
CVE-2025-69873 | vulnerable | 2026-06-08 07:43:13.906110 | Details available

Rationale
Severity: LOW (2.9)
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.
Published: 2026-02-11T00:00:00.000Z
Updated: 2026-06-30T03:15:35.561Z
Reference links
Source: Imported from gcve-enriched-dumps CVE data
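The advisory above describes the sink: a `pattern` keyword whose value is a `$data` reference is resolved from the request body and handed to `RegExp()`. The following is an added, self-contained model of that mechanism (example code written for this page, not ajv's own implementation): a minimal relative-JSON-Pointer resolver, the vulnerable validator shape, a hardened shape that only compiles `$data` patterns from an allowlist and lints every pattern for nested quantifiers before compiling it, and a timing helper that shows the per-character doubling at sizes safe to run. The function names, the allowlist policy, the length limit and the request bodies are constructed for the illustration; the nested-quantifier check is a heuristic, not a proof of safety.

```javascript
// Added example (not ajv's code): how a `pattern` keyword that honours `$data`
// turns request data into a RegExp, why that is a ReDoS sink, and two ways to
// harden it. Plain Node.js, no packages. All names below are assumptions.

// Resolve a relative JSON Pointer of the form "<n>/key/key" (the $data syntax):
// go up <n> levels from the value being validated, then follow the keys.
// Only the subset of the syntax needed here is implemented (assumption:
// no ~0/~1 escapes, no "#" suffix).
function resolveDataRef(ref, rootData, instancePath) {
  const m = /^(\d+)((?:\/[^/]*)*)$/.exec(ref);
  if (!m) throw new Error("unsupported $data reference: " + ref);
  const up = Number(m[1]);
  if (up > instancePath.length) return undefined;
  const keys = instancePath.slice(0, instancePath.length - up)
    .concat(m[2] ? m[2].split("/").slice(1) : []);
  let node = rootData;
  for (const key of keys) {
    if (node === null || typeof node !== "object") return undefined;
    node = node[key];
  }
  return node;
}

function isDataRef(p) {
  return p !== null && typeof p === "object" && typeof p.$data === "string";
}

// Vulnerable shape (what the CVE describes): whatever the reference resolves
// to is handed straight to the RegExp constructor. The attacker controls both
// `pattern` (via the referenced field) and `value` in one request.
function patternUnsafe(schemaPattern, value, rootData, instancePath) {
  const pattern = isDataRef(schemaPattern)
    ? resolveDataRef(schemaPattern.$data, rootData, instancePath)
    : schemaPattern;
  if (typeof pattern !== "string") return false; // fail closed on a wrongly typed reference
  return new RegExp(pattern, "u").test(value);
}

// Conservative structural lint: flag a pattern when an unbounded quantifier
// (*, +, {n,...}) is applied to a group that itself contains a quantifier or an
// alternation, e.g. "(a|a)*", "(a+)+", "((a)+)*". Catches the classic
// exponential shapes; a heuristic, not a proof of safety (assumption).
function hasNestedQuantifier(pattern) {
  const groups = [];            // one {quant, alt} record per currently open group
  let closed = null;            // record of the most recently closed group
  let escaped = false, inClass = false;
  let prev = "";                // previous significant character
  for (const c of pattern) {
    if (escaped) { escaped = false; prev = ""; continue; }
    if (c === "\\") { escaped = true; continue; }
    if (inClass) { if (c === "]") { inClass = false; prev = ""; } continue; }
    if (c === "[") { inClass = true; continue; }
    if (c === "(") { groups.push({ quant: false, alt: false }); prev = c; continue; }
    if (c === ")") { closed = groups.pop() || null; prev = c; continue; }
    if (c === "?" && prev === "(") { prev = ""; continue; } // "(?:", "(?=" ... are group prefixes
    const unbounded = c === "*" || c === "+" || c === "{";
    if (unbounded && prev === ")" && closed && (closed.quant || closed.alt)) return true;
    if (unbounded || c === "?") for (const g of groups) g.quant = true;
    if (c === "|") for (const g of groups) g.alt = true;
    prev = c;
  }
  return false;
}

const MAX_PATTERN_LENGTH = 200; // assumption: a local policy limit

// Hardened shape. A $data-supplied pattern is compiled only if the service
// shipped it (allowlist), never arbitrary request text; every pattern is then
// length-bounded and linted before it reaches RegExp().
function patternSafe(schemaPattern, value, rootData, instancePath, allowlist) {
  let pattern = schemaPattern;
  if (isDataRef(schemaPattern)) {
    pattern = resolveDataRef(schemaPattern.$data, rootData, instancePath);
    if (!allowlist.has(pattern)) return { ok: false, reason: "runtime pattern not in allowlist" };
  }
  if (typeof pattern !== "string") return { ok: false, reason: "pattern is not a string" };
  if (pattern.length > MAX_PATTERN_LENGTH) return { ok: false, reason: "pattern too long" };
  if (hasNestedQuantifier(pattern)) return { ok: false, reason: "nested quantifier" };
  return { ok: new RegExp(pattern, "u").test(value), reason: null };
}

// Time the advisory's payload at a small size; each extra "a" roughly doubles it.
function backtrackMillis(n) {
  const payload = "a".repeat(n) + "!";   // trailing "!" forces the overall match to fail
  const t0 = process.hrtime.bigint();
  new RegExp("^(a|a)*$", "u").test(payload);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Constructed request bodies, as an API validating `value` with
// `pattern: {$data: "1/regex"}` would receive them.
const SCHEMA_PATTERN = { $data: "1/regex" };
const ALLOWLIST = new Set(["^[a-z0-9_]{1,32}$"]);
const benign = { regex: "^[a-z0-9_]{1,32}$", value: "alice_01" };
const malicious = { regex: "^(a|a)*$", value: "a".repeat(16) + "!" };

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe/benign:", patternUnsafe(SCHEMA_PATTERN, benign.value, benign, ["value"]));
  console.log("unsafe/malicious (compiles the attacker's regex):",
    patternUnsafe(SCHEMA_PATTERN, malicious.value, malicious, ["value"]));
  console.log("safe/benign:", patternSafe(SCHEMA_PATTERN, benign.value, benign, ["value"], ALLOWLIST));
  console.log("safe/malicious:", patternSafe(SCHEMA_PATTERN, malicious.value, malicious, ["value"], ALLOWLIST));
  for (const n of [14, 16, 18]) console.log(`n=${n}: ${backtrackMillis(n).toFixed(1)} ms`);
}
```

The fix the advisory names is upgrading ajv (8.18.0, or 6.14.0 on the 6.x line); the allowlist and lint above are defence in depth for a service that has to keep `$data: true`, and the lint also applies to static schema patterns, which are not covered by this CVE. A built-in JavaScript `RegExp` cannot be given a timeout, so the only other robust option for untrusted patterns is a linear-time engine such as an RE2 binding.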
