Security
Audit
ajv-allerrors-true
ajv-allerrors-true
By setting allErrors: true
in Ajv
library, all error objects will be allocated without limit. This allows the attacker to produce a huge number of errors which can lead to denial of service. Do not use allErrors: true
in production.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-400: Uncontrolled Resource Consumption