GHSA-c332-w4jm-55wv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c332-w4jm-55wv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-c332-w4jm-55wv/GHSA-c332-w4jm-55wv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c332-w4jm-55wv
- Aliases
- Published
- 2021-05-04T17:42:02Z
- Modified
- 2023-11-08T04:05:48.467420Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
- Details
-
Unsafe validation RegEx in
EmailValidatorcomponent incom.vaadin:vaadin-compatibility-serverversions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. - Database specific
{ "nvd_published_at": "2021-05-06T13:15:00Z", "github_reviewed_at": "2021-04-30T17:43:47Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-400" ] }- References
Affected packages
Maven / com.vaadin:vaadin-compatibility-server
Package
- Name
- com.vaadin:vaadin-compatibility-server
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-compatibility-server
Affected versions
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0
8.5.1
8.5.2
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.7.0.beta1
8.7.0
8.7.1
8.7.2
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4
8.8.5
8.8.6
8.9.0
8.9.1
8.9.2
8.9.3
8.9.4
8.10.0
8.10.1
8.10.2
8.10.3
8.10.4
8.10.5
8.11.0
8.11.1
8.11.2
8.11.3
8.12.0
8.12.1
8.12.2
8.12.3
8.12.4