Skip to main content
By setting allErrors: true in Ajv library, all error objects will be allocated without limit. This allows the attacker to produce a huge number of errors which can lead to denial of service. Do not use allErrors: true in production.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-400: Uncontrolled Resource Consumption