WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23388 Vulnerability in npm package forms

Description

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

Remediation

References

https://github.com/caolan/forms/pull/214

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

Related Vulnerabilities

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13

CVE-2019-10422 Vulnerability in maven package org.ukiuni.callotherjenkins:call-remote-job-plugin

CVE-2017-16088 Vulnerability in npm package safe-eval

CVE-2018-6874 Vulnerability in maven package org.webjars.npm:auth0-js

CVE-2017-7684 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Third Party Advisory Patch NVD-CWE-noinfo