GHSA-xrx9-gj26-5wx9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xrx9-gj26-5wx9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-xrx9-gj26-5wx9/GHSA-xrx9-gj26-5wx9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xrx9-gj26-5wx9
- Aliases
- Published
- 2022-10-07T07:33:44Z
- Modified
- 2023-11-08T04:09:52.856541Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- v8n vulnerable to Inefficient Regular Expression Complexity
- Details
-
Impact
Inefficient regular expression complexity of
lowercase()anduppercase()regex could lead to a denial of service attack. With a formed payload'a' + 'a'.repeat(i) + 'A', only 32 characters payload could take 29443 ms time execution when testinglowercase(). The same issue happens withuppercase().Patches
v1.5.1
References
huntr.dev report Regular Expression Denial of Service (ReDoS) and Catastrophic Backtracking
For more information
If you have any questions or comments about this advisory: * Open an issue in v8n issues list * Email us at brunodev02221@gmail.com
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2022-08-02T20:15:00Z", "github_reviewed_at": "2022-10-07T07:33:44Z", "severity": "HIGH", "cwe_ids": [ "CWE-1333", "CWE-400" ] }- References
Affected packages
npm / v8n
Package
- Name
- v8n
- View open source insights on deps.dev
- Purl
- pkg:npm/v8n