Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-48038

MEDIUM NVD
CVSS Score 5.3
Severity MEDIUM
Published Jul 14, 2026
Vendor unknown

Description

joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1.

References