CVE-2022-35923 HIGH

CVE-2022-35923: Inefficient Regular Expression Complexity in v8n

Vendor Imbrn
Product v8n
Weakness CWE-400
Published August 2, 2022
Last update April 22, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.

Key dates

02Disclosure timeline

August 2, 2022 CVE published
April 22, 2025 Record updated