CVE-2021-31405

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VaadinCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
vaadinflow
2.0.4 ≤
𝑥
< 2.3.3
vaadinflow
3.0.0 ≤
𝑥
< 4.0.3
vaadinvaadin
14.0.6 ≤
𝑥
< 14.4.4
vaadinvaadin
15.0.0 ≤
𝑥
< 17.0.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/vaadin/flow-components/pull/442
https://vaadin.com/security/cve-2021-31405
https://github.com/vaadin/flow-components/pull/442
https://vaadin.com/security/cve-2021-31405