GHSA-j377-2x76-558h

Source

https://github.com/advisories/GHSA-j377-2x76-558h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-j377-2x76-558h/GHSA-j377-2x76-558h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j377-2x76-558h

Aliases

CVE-2021-36716

Published

2021-12-10T17:25:21Z

Modified

2023-11-08T04:06:15.563828Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Improper Input Validation in is-email

Details

is-email helps validate an email address. A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.

Database specific

{
    "cwe_ids": [
        "CWE-20",
        "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-15T18:43:45Z",
    "nvd_published_at": "2021-07-14T16:15:00Z",
    "severity": "HIGH"
}

References

Affected packages

npm / is-email

Package

Name: is-email; View open source insights on deps.dev
Purl: pkg:npm/is-email

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-j377-2x76-558h/GHSA-j377-2x76-558h.json"