Vulnerability Information
Vulnerability Title
Inefficient Regular Expression Complexity in v8n
Vulnerability Description
v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function, a payload of `'a' + 'a'.repeat(i) + 'A'` with 32 leading characters took 29443 ms to execute. The same issue happens with `uppercase()`. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
v8n Security Vulnerability
Vulnerability Description
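v8n is a JavaScript validation library by individual developer Bruno C. Couto. Versions of v8n prior to 1.5.1 contain a security vulnerability that stems from the inefficient complexity of its `lowercase()` and `uppercase()` regular expressions, which may lead to a denial-of-service attack.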
CVSS Information
N/A
Vulnerability Type
N/A