WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23388 Vulnerability in npm package forms

Description

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

Remediation

References

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

https://github.com/caolan/forms/pull/214

Related Vulnerabilities

CVE-2021-43142 Vulnerability in maven package com.wutka:jox

CVE-2022-48285 Vulnerability in maven package org.webjars.npm:jszip

CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-imap4

CVE-2020-5222 Vulnerability in maven package org.opencastproject:opencast-kernel

CVE-2022-23539 Vulnerability in maven package org.webjars.npm:jsonwebtoken

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Patch Third Party Advisory NVD-CWE-noinfo