WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-31405 Vulnerability in maven package com.vaadin:vaadin-text-field-flow

Description

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Remediation

References

https://vaadin.com/security/cve-2021-31405

https://github.com/vaadin/flow-components/pull/442

Related Vulnerabilities

CVE-2022-24814 Vulnerability in npm package directus

CVE-2012-4431 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2019-10286 Vulnerability in maven package com.openmake:deployhub

CVE-2022-25979 Vulnerability in npm package jsuites

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap

Severity

High

Classification

CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory Patch Third Party Advisory