GHSA-2wqp-jmcc-mc77

Suggest an improvement
Source
https://github.com/advisories/GHSA-2wqp-jmcc-mc77
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-2wqp-jmcc-mc77/GHSA-2wqp-jmcc-mc77.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2wqp-jmcc-mc77
Aliases
Published
2021-04-19T14:47:34Z
Modified
2023-11-08T04:05:48.221232Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
Details

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

  • https://vaadin.com/security/cve-2021-31405
References

Affected packages

Maven / com.vaadin:vaadin-bom

Package

Name
com.vaadin:vaadin-bom
View open source insights on deps.dev
Purl
pkg:maven/com.vaadin/vaadin-bom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14.0.6
Fixed
14.4.4

Affected versions

14.*

14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.0.13
14.0.14
14.0.15
14.1.0
14.1.1
14.1.2
14.1.3
14.1.4
14.1.5
14.1.16
14.1.17
14.1.18
14.1.19
14.1.20
14.1.21
14.1.22
14.1.23
14.1.24
14.1.25
14.1.26
14.1.27
14.1.28
14.2.0
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.3.3
14.3.4
14.3.5
14.3.6
14.3.7
14.3.8
14.3.9
14.4.0
14.4.1
14.4.2
14.4.3

Maven / com.vaadin:vaadin-bom

Package

Name
com.vaadin:vaadin-bom
View open source insights on deps.dev
Purl
pkg:maven/com.vaadin/vaadin-bom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15.0.0
Fixed
17.0.11

Affected versions

15.*

15.0.0
15.0.1
15.0.2
15.0.3
15.0.4
15.0.5
15.0.6

16.*

16.0.0
16.0.1
16.0.2
16.0.3
16.0.4
16.0.5

17.*

17.0.0
17.0.1
17.0.2
17.0.3
17.0.4
17.0.6
17.0.7
17.0.8
17.0.9
17.0.10