WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23388 Vulnerability in npm package forms

Description

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

Remediation

References

https://github.com/caolan/forms/pull/214

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

Related Vulnerabilities

CVE-2023-38704 Vulnerability in npm package import-in-the-middle

CVE-2019-3580 Vulnerability in maven package org.openrefine:openrefine

CVE-2017-16190 Vulnerability in npm package dcdcdcdcdc

CVE-2021-21306 Vulnerability in maven package org.webjars.npm:marked

CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Third Party Advisory Patch NVD-CWE-noinfo