GHSA-2wqp-jmcc-mc77
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2wqp-jmcc-mc77
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-2wqp-jmcc-mc77/GHSA-2wqp-jmcc-mc77.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2wqp-jmcc-mc77
- Aliases
- Published
- 2021-04-19T14:47:34Z
- Modified
- 2023-11-08T04:05:48.221232Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
- Details
-
Unsafe validation RegEx in
EmailFieldcomponent incom.vaadin:vaadin-text-field-flowversions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.- https://vaadin.com/security/cve-2021-31405
- Database specific
{ "nvd_published_at": "2021-04-23T16:15:00Z", "github_reviewed_at": "2021-04-16T23:13:14Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-400" ] }- References
Affected packages
Maven / com.vaadin:vaadin-bom
Package
- Name
- com.vaadin:vaadin-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-bom
Affected versions
14.*
14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.0.13
14.0.14
14.0.15
14.1.0
14.1.1
14.1.2
14.1.3
14.1.4
14.1.5
14.1.16
14.1.17
14.1.18
14.1.19
14.1.20
14.1.21
14.1.22
14.1.23
14.1.24
14.1.25
14.1.26
14.1.27
14.1.28
14.2.0
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.3.3
14.3.4
14.3.5
14.3.6
14.3.7
14.3.8
14.3.9
14.4.0
14.4.1
14.4.2
14.4.3
Maven / com.vaadin:vaadin-bom
Package
- Name
- com.vaadin:vaadin-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-bom