High severity · NVD Advisory · Published Apr 23, 2021 · Updated Sep 17, 2024
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
CVE-2021-31405
Description
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.vaadin:vaadin-bom (Maven) | >= 14.0.6, < 14.4.4 | 14.4.4 |
| com.vaadin:vaadin-bom (Maven) | >= 15.0.0, < 17.0.11 | 17.0.11 |
Affected products
- Vaadin/vaadin-text-field-flow · v5 · Range: 2.0.4
References
- github.com/advisories/GHSA-2wqp-jmcc-mc77 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-31405 (ghsa, ADVISORY)
- github.com/vaadin/flow-components/pull/442 (ghsa, x_refsource_MISC, WEB)
- github.com/vaadin/platform/security/advisories/GHSA-2wqp-jmcc-mc77 (ghsa, WEB)
- vaadin.com/security/cve-2021-31405 (ghsa, x_refsource_MISC, WEB)