Vulnerabilities > CVE-2022-35923 - Unspecified vulnerability in V8N Project V8N

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

v8n-project

NVD

Published: 2022-08-02

Updated: 2023-07-21

Summary

v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerable Configurations

Part	Description	Count
Application	V8N_Project V8N Project V8N - V8N Project V8N 0.0.1 V8N Project V8N 0.0.2 V8N Project V8N 0.0.3 V8N Project V8N 1.0.1 V8N Project V8N 1.0.2 V8N Project V8N 1.1.0 V8N Project V8N 1.1.1 V8N Project V8N 1.1.2 V8N Project V8N 1.2.0 V8N Project V8N 1.2.1 V8N Project V8N 1.2.2 V8N Project V8N 1.2.3 V8N Project V8N 1.3.0 V8N Project V8N 1.3.1 V8N Project V8N 1.3.2 V8N Project V8N 1.3.3 V8N Project V8N 1.4.0 V8N Project V8N 1.5.0	19

Summary

Vulnerable Configurations

References