Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
Package
Affected versions: >= 8.0.0, < 8.13.0
Patched versions: 8.13.0
Description
Reviewed: Apr 30, 2021
Published to the GitHub Advisory Database: May 4, 2021
Published by the National Vulnerability Database: May 6, 2021
Last updated: Feb 1, 2023
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.