Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7

Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

https://vaadin.com/security/cve-2020-36320

References

fluorumlabs published to vaadin/framework Apr 16, 2021

Reviewed Apr 16, 2021

Published to the GitHub Advisory Database Apr 19, 2021

Published by the National Vulnerability Database Apr 23, 2021

Last updated May 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code

Credits