CVE-2021-3794

vuelidate is vulnerable to Inefficient Regular Expression Complexity
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
@huntrdevCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
vuelidate_projectvuelidate
𝑥
< 2.0.0
vuelidate_projectvuelidate
2.0.0:alpha0
vuelidate_projectvuelidate
2.0.0:alpha1
vuelidate_projectvuelidate
2.0.0:alpha10
vuelidate_projectvuelidate
2.0.0:alpha11
vuelidate_projectvuelidate
2.0.0:alpha12
vuelidate_projectvuelidate
2.0.0:alpha13
vuelidate_projectvuelidate
2.0.0:alpha14
vuelidate_projectvuelidate
2.0.0:alpha15
vuelidate_projectvuelidate
2.0.0:alpha16
vuelidate_projectvuelidate
2.0.0:alpha17
vuelidate_projectvuelidate
2.0.0:alpha18
vuelidate_projectvuelidate
2.0.0:alpha19
vuelidate_projectvuelidate
2.0.0:alpha2
vuelidate_projectvuelidate
2.0.0:alpha20
vuelidate_projectvuelidate
2.0.0:alpha21
vuelidate_projectvuelidate
2.0.0:alpha22
vuelidate_projectvuelidate
2.0.0:alpha23
vuelidate_projectvuelidate
2.0.0:alpha24
vuelidate_projectvuelidate
2.0.0:alpha25
vuelidate_projectvuelidate
2.0.0:alpha3
vuelidate_projectvuelidate
2.0.0:alpha4
vuelidate_projectvuelidate
2.0.0:alpha5
vuelidate_projectvuelidate
2.0.0:alpha6
vuelidate_projectvuelidate
2.0.0:alpha7
vuelidate_projectvuelidate
2.0.0:alpha8
vuelidate_projectvuelidate
2.0.0:alpha9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d
https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7
https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d
https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7