CVE-2020-36320

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36320

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36320.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36320

Aliases

GHSA-42j4-733x-5vcf

Published

2021-04-23T16:15:08.360Z

Modified

2026-04-11T13:53:13.837451Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

References

Affected packages

Git / github.com/vaadin/framework

Affected ranges

Type

GIT

Repo

https://github.com/vaadin/framework

Events

Introduced

b29ce01468ed115e942105986da362d665408033

Fixed

2e8b9d2b5b40652321aaa9d2bb2dba1041da7fc4

Database specific

{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.7.22"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36320.json"

vanir_signatures_modified

"2026-04-11T13:53:13Z"

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/vaadin/framework/commit/2e8b9d2b5b40652321aaa9d2bb2dba1041da7fc4",
        "digest": {
            "function_hash": "70238186071019796089957604109989074107",
            "length": 803.0
        },
        "id": "CVE-2020-36320-0b17bf01",
        "deprecated": false,
        "target": {
            "file": "client/src/main/java/com/vaadin/client/widgets/Grid.java",
            "function": "resetDataAndSize"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/vaadin/framework/commit/2e8b9d2b5b40652321aaa9d2bb2dba1041da7fc4",
        "digest": {
            "function_hash": "159032919065872499528707002309020957668",
            "length": 2659.0
        },
        "id": "CVE-2020-36320-5403185e",
        "deprecated": false,
        "target": {
            "file": "client/src/main/java/com/vaadin/client/widgets/Grid.java",
            "function": "setDataSource"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/vaadin/framework/commit/2e8b9d2b5b40652321aaa9d2bb2dba1041da7fc4",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "112588331114063840301821684161472131075",
                "259725082016287695756474403627992790190",
                "285569396673585442444274777239224239797",
                "287030043245834058136881203736707252383",
                "163998985132657330949057748938740710735",
                "82967592614209807592900968106297214298",
                "326624101632401204292249361457727064036"
            ]
        },
        "id": "CVE-2020-36320-c5e9f4a9",
        "deprecated": false,
        "target": {
            "file": "client/src/main/java/com/vaadin/client/widgets/Grid.java"
        }
    }
]