CVE-2021-23388

EUVD-2021-1307
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
snykCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
forms_projectforms
𝑥
< 1.2.1
forms_projectforms
1.3.0 ≤
𝑥
< 1.3.2
𝑥
= Vulnerable software versions
References
https://github.com/caolan/forms/pull/214
https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
https://snyk.io/vuln/SNYK-JS-FORMS-1296389
https://github.com/caolan/forms/pull/214
https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
https://snyk.io/vuln/SNYK-JS-FORMS-1296389