{"id":"CVE-2022-35923","summary":"Inefficient Regular Expression Complexity in v8n","details":"v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.","aliases":["GHSA-xrx9-gj26-5wx9"],"modified":"2026-04-17T04:22:35.463011Z","published":"2022-08-02T20:10:11Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35923.json","cwe_ids":["CWE-400"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35923.json"},{"type":"ADVISORY","url":"https://github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35923"},{"type":"FIX","url":"https://github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imbrn/v8n","events":[{"introduced":"0"},{"fixed":"60afb53baab7c2e8de4dd9141633753a3a018a39"}]}],"versions":["v1.1.0","v1.2.0","v1.2.1","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.4.0","v1.5.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35923.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}