
   linux.debian.bugs.dist      Ohh some weird Debian bug report thing      28,835 messages   


   Message 27,800 of 28,835   
   James Montgomery to All   
   Bug#1128140: Subject: node-ajv: CVE-2025   
   16 Feb 26 02:20:01   
   
   From: james@bitrefactory.com   
      
   Package: node-ajv   
   Version: 8.17.1-1   
   Severity: important   
   Tags: security upstream   
      
   The ajv package through version 8.17.1   
   is vulnerable to Regular Expression Denial of Service (ReDoS) when the   
   $data option is enabled. The pattern keyword, when used with $data   
   references, passes runtime data directly to the JavaScript RegExp()   
   constructor without validation.   
      
   Affected Debian versions:   
   * unstable: 8.17.1~ds+~3.0.1+~3.1.0-4   
   * testing: 8.17.1~ds+~3.0.1+~3.1.0-4   
   * stable: 8.12.0~ds+~2.1.1-5   
      
   Fixed upstream in version 8.18.0.   
      
   https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e2c9b0fe886c54cfe0d5
      
   References:   
   * CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69873   
   * Disclosure: https://github.com/EthanKim88/ethan-cve-disclosure/blob/main/CVE-2025-69873-ajv-ReDoS.md
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
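
For triage of the issue reported above, an added example (not part of the original bug report and not ajv's own code) that walks a JSON Schema and lists every place where `pattern` is supplied through a `$data` reference. The function name, keyword lists and sample schema are assumptions made for illustration; a hit matters only where the schema is compiled by an ajv older than 8.18.0 with the `$data` option enabled.

```javascript
// Added example: report where a JSON Schema takes `pattern` from a $data
// reference, i.e. where validated data would be compiled by RegExp().
const SCHEMA_KEYS = ["not", "if", "then", "else", "contains", "propertyNames",
  "additionalProperties", "additionalItems", "unevaluatedProperties", "unevaluatedItems"];
const SCHEMA_LISTS = ["allOf", "anyOf", "oneOf", "prefixItems"];
const SCHEMA_MAPS = ["properties", "patternProperties", "$defs", "definitions",
  "dependentSchemas"];

const isObj = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
// Escape a property name for use as a JSON Pointer segment (RFC 6901).
const esc = (k) => k.replace(/~/g, "~0").replace(/\//g, "~1");

function findDataPatterns(schema, path = "", out = []) {
  if (!isObj(schema)) return out; // boolean or absent subschema
  const p = schema.pattern;
  if (isObj(p) && typeof p.$data === "string") {
    out.push({ at: `${path}/pattern`, ref: p.$data });
  }
  for (const k of SCHEMA_KEYS) findDataPatterns(schema[k], `${path}/${k}`, out);
  // `items` is one schema, or a list of schemas in older drafts.
  const lists = SCHEMA_LISTS.concat(Array.isArray(schema.items) ? ["items"] : []);
  if (!Array.isArray(schema.items)) findDataPatterns(schema.items, `${path}/items`, out);
  for (const k of lists) {
    if (!Array.isArray(schema[k])) continue;
    schema[k].forEach((s, i) => findDataPatterns(s, `${path}/${k}/${i}`, out));
  }
  // Keys inside these maps are property names, not keywords, so a property
  // that happens to be called "pattern" is not reported.
  for (const k of SCHEMA_MAPS) {
    if (!isObj(schema[k])) continue;
    for (const [name, sub] of Object.entries(schema[k])) {
      findDataPatterns(sub, `${path}/${k}/${esc(name)}`, out);
    }
  }
  return out;
}

// Constructed sample schema (not from the bug report).
const sampleSchema = {
  type: "object",
  properties: {
    rule: { type: "string" },
    value: { type: "string", pattern: { $data: "1/rule" } }, // reported
    code: { type: "string", pattern: "^[A-Z]{3}$" }, // literal: not reported
    pattern: { type: "string" }, // property name only: not reported
    tags: { type: "array", items: { anyOf: [{ pattern: { $data: "/rule" } }] } },
  },
};

console.log(findDataPatterns(sampleSchema));
```

Each reported entry gives the JSON Pointer of the `pattern` keyword and the `$data` reference it resolves at validation time.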



(c) 1994,  bbs@darkrealms.ca