CVE-2022-35923

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-35923
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35923.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-35923
Aliases
Related
Published
2022-08-02T20:15:09Z
Modified
2025-07-02T00:18:18.395597Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 have inefficient regular expression complexity in the regexes used by lowercase() and uppercase(), which could lead to a denial of service attack. In testing of the lowercase() function, a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue affects uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/imbrn/v8n

Affected ranges

Type
GIT
Repo
https://github.com/imbrn/v8n
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.0.1
v0.0.2
v0.0.3

v1.*

v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.5.0