WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23388 Vulnerability in npm package forms

Description

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

Remediation

References

https://github.com/caolan/forms/pull/214

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

Related Vulnerabilities

CVE-2021-29452 Vulnerability in npm package a12n-server

CVE-2017-2608 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-12265 Vulnerability in maven package org.webjars.npm:decompress-tar

CVE-2023-4316 Vulnerability in maven package org.webjars.npm:zod

CVE-2017-2610 Vulnerability in maven package org.jenkins-ci.main:jenkins-war

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Third Party Advisory Patch NVD-CWE-noinfo