Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
References
Link | Resource |
---|---|
https://github.com/vaadin/flow-components/pull/442 | Patch Third Party Advisory |
https://vaadin.com/security/cve-2021-31405 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 May 2021, 17:43
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://vaadin.com/security/cve-2021-31405 - Vendor Advisory | |
References | (CONFIRM) https://github.com/vaadin/flow-components/pull/442 - Patch, Third Party Advisory | |
CWE | CWE-400 | |
CPE | cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:* cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
23 Apr 2021, 16:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-23 16:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-31405
Mitre link : CVE-2021-31405
CVE.ORG link : CVE-2021-31405
JSON object : View
Products Affected
vaadin
- vaadin
- flow
CWE
CWE-400
Uncontrolled Resource Consumption