CVE-2021-23388

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
snykCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
forms_projectforms
𝑥
< 1.2.1
forms_projectforms
1.3.0 ≤
𝑥
< 1.3.2
𝑥
= Vulnerable software versions
References
https://github.com/caolan/forms/pull/214
https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
https://snyk.io/vuln/SNYK-JS-FORMS-1296389
https://github.com/caolan/forms/pull/214
https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
https://snyk.io/vuln/SNYK-JS-FORMS-1296389