WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23388 Vulnerability in npm package forms

Description

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

Remediation

References

https://github.com/caolan/forms/pull/214

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

Related Vulnerabilities

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina-ant

CVE-2022-24839 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml

CVE-2018-1000134 Vulnerability in maven package com.unboundid:unboundid-ldapsdk

CVE-2019-1003042 Vulnerability in maven package org.6wind.jenkins:lockable-resources

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bc-fips-debug

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Third Party Advisory Patch NVD-CWE-noinfo