WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23388 Vulnerability in npm package forms

Description

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

Remediation

References

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

https://github.com/caolan/forms/pull/214

Related Vulnerabilities

CVE-2016-1182 Vulnerability in maven package struts:struts

CVE-2021-4264 Vulnerability in maven package org.webjars.bower:dustjs-linkedin

CVE-2023-34620 Vulnerability in maven package org.hjson:hjson

CVE-2022-24728 Vulnerability in maven package org.webjars.npm:ckeditor4

CVE-2017-16008 Vulnerability in maven package org.webjars:i18next

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Patch Third Party Advisory NVD-CWE-noinfo