GHSA-xrx9-gj26-5wx9

Suggest an improvement
Source
https://github.com/advisories/GHSA-xrx9-gj26-5wx9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-xrx9-gj26-5wx9/GHSA-xrx9-gj26-5wx9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xrx9-gj26-5wx9
Aliases
Published
2022-10-07T07:33:44Z
Modified
2023-11-08T04:09:52.856541Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
v8n vulnerable to Inefficient Regular Expression Complexity
Details

Impact

Inefficient regular expression complexity of lowercase() and uppercase() regex could lead to a denial of service attack. With a formed payload 'a' + 'a'.repeat(i) + 'A', only 32 characters payload could take 29443 ms time execution when testing lowercase(). The same issue happens with uppercase().

Patches

v1.5.1

References

huntr.dev report Regular Expression Denial of Service (ReDoS) and Catastrophic Backtracking

For more information

If you have any questions or comments about this advisory: * Open an issue in v8n issues list * Email us at brunodev02221@gmail.com

References

Affected packages

npm / v8n

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.1