GHSA-xx4c-jj58-r7x6: 
JavaScript vulnerability analysis and mitigation

The vulnerability (GHSA-xx4c-jj58-r7x6) affects Validator.js versions 11.1.0 to 13.6.0, discovered and disclosed in 2021. It involves an inefficient Regular Expression complexity vulnerability specifically in the rtrim and trim sanitizers. The issue was identified by security researcher yetingli and was assigned a moderate severity rating with a CVSS score of 5.3 (GitHub Advisory).

The vulnerability is classified as CWE-1333 (Inefficient Regular Expression Complexity) and received a CVSS v3.0 base score of 5.3 (Moderate). The attack vector is Network-based, with low attack complexity, requiring no privileges or user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but low impact on availability (NVD).

The vulnerability could lead to Regular Expression Denial of Service (ReDoS) when using the rtrim and trim sanitizers, potentially affecting the availability of systems implementing the vulnerable versions of validator.js (GitHub Issue).

The vulnerability was patched in validator.js version 13.7.0. The fix involved removing the regex-based implementation and replacing it with a faster and safer trim method inspired by Steven Levithan's approach (GitHub PR).