{ "dataType": "CVE_RECORD", "cveMetadata": { "state": "PUBLISHED", "cveId": "CVE-2025-69873", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-07-09T12:09:42.803Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-02-11T00:00:00.000Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ajv", "vendor": "ajv.js", "versions": [ { "lessThan": "6.14.0", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "8.17.2", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.14.0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "8.17.2" } ] } ] } ], "descriptions": [ { "lang": "en", "value": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T20:22:25.698Z" }, "references": [ { "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6" }, { "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md" }, { "url": "https://github.com/github/advisory-database/pull/6991" }, { "url": "https://github.com/ajv-validator/ajv/pull/2588" }, { "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0" }, { "url": "https://github.com/ajv-validator/ajv/pull/2590" } ], "x_generator": { "engine": "enrichogram 0.0.1" }, "metrics": [ { "cvssV3_1": { "version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } } ] }, "adp": [ { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption" } ] } ], "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2026-02-12T15:13:03.482882Z", "id": "CVE-2025-69873", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T17:25:31.651Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" ], "defaultStatus": "affected", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8" ], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9" ], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9" ], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:network_observ_optr:1.11::el9" ], "defaultStatus": "affected", "product": "Network Observability (NETOBSERV) 1.11.2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.6::el9" ], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2.6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhdh:1.8::el9" ], "defaultStatus": "affected", "product": "Red Hat Developer Hub 1.8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhdh:1.9::el9" ], "defaultStatus": "affected", "product": "Red Hat Developer Hub 1.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "product": "Red Hat Edge Manager 1.0", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai:2.16::el8" ], "defaultStatus": "affected", "product": "Red Hat OpenShift AI 2.16", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai:3.3::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift AI 3.3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4.17::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4.19::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.19", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_devspaces:3.27::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces 3.27", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.14::el8" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.14", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.15::el8" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.15", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.16::el9" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.16", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3.9::el8" ], "defaultStatus": "affected", "product": "Red Hat Quay 3.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6.18::el9" ], "defaultStatus": "affected", "product": "Red Hat Satellite 6.18", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1" ], "defaultStatus": "affected", "product": "Confidential Compute Attestation", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "affected", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_nhc:0" ], "defaultStatus": "affected", "product": "Node HealthCheck Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_3scale_amp:2" ], "defaultStatus": "affected", "product": "Red Hat 3scale API Management Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "product": "Red Hat build of Apicurio Registry 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4" ], "defaultStatus": "affected", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_devspaces:3" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_streams:3" ], "defaultStatus": "affected", "product": "streams for Apache Kafka 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.6::el10", "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10" ], "defaultStatus": "unaffected", "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cryostat:4" ], "defaultStatus": "unaffected", "product": "Cryostat 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:gatekeeper:3" ], "defaultStatus": "unaffected", "product": "Gatekeeper 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unaffected", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:network_observ_optr:1" ], "defaultStatus": "unaffected", "product": "Network Observability Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:2" ], "defaultStatus": "unaffected", "product": "OpenShift Service Mesh 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3" ], "defaultStatus": "unaffected", "product": "OpenShift Service Mesh 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "unaffected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ], "defaultStatus": "unaffected", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:apache_camel_hawtio:4" ], "defaultStatus": "unaffected", "product": "Red Hat build of Apache Camel - HawtIO 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "unaffected", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:directory_server:11" ], "defaultStatus": "unaffected", "product": "Red Hat Directory Server 11", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:directory_server:12" ], "defaultStatus": "unaffected", "product": "Red Hat Directory Server 12", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:directory_server:13" ], "defaultStatus": "unaffected", "product": "Red Hat Directory Server 13", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unaffected", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "unaffected", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "unaffected", "product": "streams for Apache Kafka 2", "vendor": "Red Hat" } ], "datePublic": "2026-02-11T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-69873" }, { "name": "RHBZ#2439070", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69873.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33371" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:13512" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6277" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:16874" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6309" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:9742" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6802" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36651" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:5807" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:19712" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:15091" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:14774" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:5910" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:5907" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:10093" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6192" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:7314" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6497" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:6567" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:5168" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:26214" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:26211" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server" }, { "lang": "en", "value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2" }, { "lang": "en", "value": "RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6" }, { "lang": "en", "value": "RHSA-2026:9742: Red Hat Developer Hub 1.8" }, { "lang": "en", "value": "RHSA-2026:6802: Red Hat Developer Hub 1.9" }, { "lang": "en", "value": "RHSA-2026:36651: Red Hat Edge Manager 1.0" }, { "lang": "en", "value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16" }, { "lang": "en", "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3" }, { "lang": "en", "value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14" }, { "lang": "en", "value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15" }, { "lang": "en", "value": "RHSA-2026:5910: Red Hat OpenShift Container Platform 4.16" }, { "lang": "en", "value": "RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17" }, { "lang": "en", "value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19" }, { "lang": "en", "value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27" }, { "lang": "en", "value": "RHSA-2026:7314: Red Hat Quay 3.14" }, { "lang": "en", "value": "RHSA-2026:6568: Red Hat Quay 3.15" }, { "lang": "en", "value": "RHSA-2026:6497: Red Hat Quay 3.16" }, { "lang": "en", "value": "RHSA-2026:6567: Red Hat Quay 3.16" }, { "lang": "en", "value": "RHSA-2026:5168: Red Hat Quay 3.9" }, { "lang": "en", "value": "RHSA-2026:26214: Red Hat Satellite 6.18" }, { "lang": "en", "value": "RHSA-2026:26211: Red Hat Satellite 6.18" } ], "timeline": [ { "lang": "en", "time": "2026-02-11T19:01:32.953Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-02-11T00:00:00.000Z", "value": "Made public." } ], "title": "ajv: ReDoS via $data reference", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-09T12:09:42.803Z" } } ] }, "dataVersion": "5.2" }