CVE-2021-36716

A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
segmentis-email
𝑥
< 1.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/segmentio/is-email/releases
https://segment.com/docs/release_notes/2021-07-13-cve-2021-36716/
https://github.com/segmentio/is-email/releases
https://segment.com/docs/release_notes/2021-07-13-cve-2021-36716/