Lucene search

GoogleOSV:CVE-2022-35923

HistoryAug 02, 2022 - 8:15 p.m.

CVE-2022-35923

2022-08-0220:15:09

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

JSON

v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase() and uppercase() regex which could lead to a denial of service attack. In testing of the lowercase() function a payload of ‘a’ + ‘a’.repeat(i) + ‘A’ with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.

CPENameOperatorVersion
v8neq0.0.2
v8neq1.4.0
v8neq1.5.0
v8neq1.3.3
v8neq0.0.3
v8neq1.1.1
v8neq1.3.0
v8neq1.1.0
v8neq0.0.1
v8neq1.1.2

Name	Operator	Version
v8n	eq	0.0.2
v8n	eq	1.4.0
v8n	eq	1.5.0
v8n	eq	1.3.3
v8n	eq	0.0.3
v8n	eq	1.1.1
v8n	eq	1.3.0
v8n	eq	1.1.0
v8n	eq	0.0.1
v8n	eq	1.1.2

Rows per page:

1-10 of 181

References

github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9

github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9

huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

JSON

Related for OSV:CVE-2022-35923