Sharp_Edged

**Name of the Vulnerable Software and Affected Versions** V8 versions 20.x through 25.x **Description** A flaw exists in V8's string hashing mechanism where integer-like strings are hashed to their numeric value, leading to predictable hash collisions. An attacker can exploit this by crafting requests that cause numerous collisions within V8's internal string table, resulting in a significant performance degradation of the Node.js process. The issue is commonly triggered by endpoints that utilize `JSON.parse()` with attacker-controlled input, as this function automatically internalizes short strings into the affected hash table. The root cause is an unseeded hash V8 uses for integer-looking strings, which requires quick reversibility to maintain performance optimizations. **Recommendations** Update to a version beyond 25.x.

**Name of the Vulnerable Software and Affected Versions** Node.js versions 24.0.0 and later **Description** The V8 release in Node.js reintroduced a HashDoS vulnerability due to changes in string hash computation using rapidhash. An attacker controlling the strings to be hashed can generate numerous hash collisions, even without knowing the hash seed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.