WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-31405 Vulnerability in maven package com.vaadin:vaadin-text-field-flow

Description

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Remediation

References

https://github.com/vaadin/flow-components/pull/442

https://vaadin.com/security/cve-2021-31405

Related Vulnerabilities

CVE-2021-23399 Vulnerability in npm package wincred

CVE-2020-36282 Vulnerability in maven package com.rabbitmq.jms:rabbitmq-jms

CVE-2022-29249 Vulnerability in maven package io.github.javaezlib:javaez

CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet

CVE-2018-25050 Vulnerability in maven package org.webjars.npm:chosen-js

Severity

High

Classification

CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Third Party Advisory Vendor Advisory