Description

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Remediation

References

https://github.com/vaadin/flow-components/pull/442

https://vaadin.com/security/cve-2021-31405

Related Vulnerabilities

CVE-2016-1181 Vulnerability in maven package struts:struts

CVE-2020-2250 Vulnerability in maven package org.jenkins-ci.plugins:soapui-pro-functional-testing

CVE-2020-8127 Vulnerability in maven package org.webjars:reveal.js

CVE-2022-42467 Vulnerability in maven package org.apache.isis.core:isis-core-config

CVE-2020-15270 Vulnerability in npm package parse-server

Severity

High

Classification

CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Third Party Advisory Vendor Advisory