PT-2022-23029 · V8N

Vovikhangcdv · Published 2022-08-02 · Updated 2023-07-21 · CVE-2022-35923

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: v8n versions prior to 1.5.1
Description: The issue stems from inefficient regular expression complexity in the regexes behind the lowercase() and uppercase() rules of the v8n JavaScript validation library, which can be abused for a denial of service. In testing, lowercase() with a payload of 'a' + 'a'.repeat(i) + 'A' and 32 leading characters took 29443 ms to execute. The same issue affects uppercase().
Recommendations: For versions prior to 1.5.1, upgrade to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider disabling the lowercase() and uppercase() rules until a patch is available, restrict access to these rules to minimize the risk of exploitation, and avoid using them in sensitive areas of the application until the issue is resolved.
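To make the class of bug concrete, the following added example (not v8n's code, and the backtracking regex is an illustrative pattern assumed for demonstration, not the one v8n shipped) contrasts a nested-quantifier "lowercase" check with a linear-time scanner for the same language, plus a length guard of the kind the workaround above calls for; the 'a'.repeat(n) + 'A' input is constructed from the advisory's description.

```javascript
// Added example, not v8n's code. The advisory describes a ReDoS in the
// lowercase()/uppercase() rules: a regex with a nested quantifier backtracks
// exponentially on input like 'a'.repeat(n) + 'A'. The pattern below is an
// illustrative one (assumed for demonstration, not the regex v8n shipped);
// it is contrasted with a linear-time scanner for the same language.

// Illustrative backtracking-prone pattern: `([a-z]+\s*)+` can split a run of
// letters across iterations in exponentially many ways, and the trailing 'A'
// forces the engine to try every split before failing. Only ever applied to
// short inputs in this example.
const BACKTRACKING_LOWERCASE = /^([a-z]+\s*)+$/;

// Linear-time scanner: the string starts with a letter in [lo, hi] and every
// other character is such a letter or whitespace. Each character is examined
// exactly once, so cost is O(n) regardless of content.
function scanCase(input, lo, hi) {
  if (typeof input !== 'string' || input.length === 0) return false;
  for (let i = 0; i < input.length; i++) {
    const c = input.charCodeAt(i);
    if (c >= lo && c <= hi) continue;          // letter of the wanted case
    if (i === 0) return false;                 // must start with a letter
    if (!/\s/.test(input[i])) return false;    // single-char test, no backtracking
  }
  return true;
}

function isLowercaseLinear(input) { return scanCase(input, 0x61, 0x7a); } // 'a'..'z'
function isUppercaseLinear(input) { return scanCase(input, 0x41, 0x5a); } // 'A'..'Z'

// Defensive wrapper: bound the length before validating, so that even a
// validator still relying on a backtracking regex cannot be handed a
// multi-kilobyte pathological string. MAX_LEN is an assumed application limit.
const MAX_LEN = 256;
function guardedLowercase(input) {
  if (typeof input !== 'string' || input.length > MAX_LEN) return false;
  return isLowercaseLinear(input);
}

// Constructed inputs: the advisory's shape 'a' + 'a'.repeat(i) + 'A' at a size
// that would stall a backtracking engine, handled by the scanner in O(n).
function demo() {
  const hostile = 'a' + 'a'.repeat(50000) + 'A';
  return {
    hostileRejected: isLowercaseLinear(hostile) === false,
    hostileGuarded: guardedLowercase(hostile) === false,
    benignAgree: isLowercaseLinear('abc def') && BACKTRACKING_LOWERCASE.test('abc def'),
  };
}
```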

Exploit · Fix · Resource Exhaustion · DoS

Weakness Enumeration

Related Identifiers
CVE-2022-35923
GHSA-XRX9-GJ26-5WX9

Affected Products
V8N