v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9 | Patch Third Party Advisory |
https://github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9 | Third Party Advisory |
https://huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/ | Exploit Third Party Advisory |
https://github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9 | Patch Third Party Advisory |
https://github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9 | Third Party Advisory |
https://huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9 - Patch, Third Party Advisory | |
References | () https://github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9 - Third Party Advisory | |
References | () https://huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/ - Exploit, Third Party Advisory |
21 Jul 2023, 20:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1333 |
08 Aug 2022, 15:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:v8n_project:v8n:*:*:*:*:*:node.js:*:* | |
CWE | NVD-CWE-Other | |
References | (MISC) https://huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/ - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9 - Third Party Advisory |
02 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-02 20:15
Updated : 2024-11-21 07:11
NVD link : CVE-2022-35923
Mitre link : CVE-2022-35923
CVE.ORG link : CVE-2022-35923
JSON object : View
Products Affected
v8n_project
- v8n