CVE Vulnerability

CVE-2022-35923

v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9 Third Party Advisory
https://github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9 Patch Third Party Advisory
https://huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:v8n_project:v8n:*:*:*:*:*:node.js:*:*
Information

Published : 2022-08-02 08:15

Updated : 2022-08-08 03:17

NVD link : CVE-2022-35923

Mitre link : CVE-2022-35923

Products Affected
No products.
CWE
NVD-CWE-Other