Description
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Remediation
References
https://github.com/vaadin/flow-components/pull/442
https://vaadin.com/security/cve-2021-31405
Related Vulnerabilities
CVE-2021-23337 Vulnerability in npm package lodash
CVE-2022-24819 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-32859 Vulnerability in maven package org.webjars.npm:github-com-baremetrics-calendar
CVE-2023-40314 Vulnerability in maven package org.opennms:opennms-webapp