Uncontrolled Resource Consumption
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-400: Uncontrolled Resource Consumption |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Setting `allErrors: true` in the Ajv validation library makes it collect every validation error, which can lead to excessive memory use when it processes invalid input. This makes your application vulnerable if attackers intentionally send data designed to trigger many errors.
Impact
An attacker could exploit this by submitting specially crafted input that generates a large number of validation errors, potentially exhausting server memory and causing a denial of service. This could disrupt application availability for legitimate users.
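
One way to locate the setting described above in a code base, as an added example that is not part of the original rule page or of Ajv itself: a text-based heuristic that reports `new Ajv(...)` calls whose options contain a literal `allErrors: true`. The function names and the sample source are constructed for illustration, and the environment-gated form in the sample is an assumption about what a fix might look like.

```javascript
// Added example: heuristic scan for Ajv instances built with allErrors: true.
// Text-based and approximate (it does not parse JavaScript); names are illustrative.

// Return the text between the "(" at openIdx and its matching ")".
function callArguments(src, openIdx) {
  let depth = 0;
  for (let i = openIdx; i < src.length; i++) {
    if (src[i] === "(") depth++;
    else if (src[i] === ")" && --depth === 0) return src.slice(openIdx + 1, i);
  }
  return src.slice(openIdx + 1); // unbalanced: scan to end of input
}

// Find `new Ajv(...)` calls whose options contain a literal `allErrors: true`.
function findAllErrorsEnabled(src) {
  const findings = [];
  const ctor = /\bnew\s+Ajv\w*\s*\(/g;
  let m;
  while ((m = ctor.exec(src)) !== null) {
    const openIdx = m.index + m[0].length - 1;
    const args = callArguments(src, openIdx);
    const hit = /\ballErrors\s*:\s*true\b/.exec(args);
    if (hit) {
      // Report the line of the option itself, not of the constructor call.
      const offset = openIdx + 1 + hit.index;
      const line = src.slice(0, offset).split("\n").length;
      findings.push({ line, call: m[0] + args.replace(/\s+/g, " ") + ")" });
    }
  }
  return findings;
}

// Constructed sample source (not from any real project).
const SAMPLE = [
  'const Ajv = require("ajv");',
  "const strict = new Ajv();                    // no allErrors option set",
  "const risky = new Ajv({ allErrors: true });  // collects every error",
  "const multi = new Ajv({",
  "  coerceTypes: true,",
  "  allErrors: true,",
  "});",
  'const gated = new Ajv({ allErrors: process.env.NODE_ENV !== "production" });',
].join("\n");

for (const f of findAllErrorsEnabled(SAMPLE)) {
  console.log(`line ${f.line}: ${f.call}`);
}
```

Parentheses inside string literals or comments within the constructor call can mislead the bracket matching, so treat the output as candidates for manual review.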