CVE-2021-31405

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Published: Apr 23, 2021
Updated: May 9, 2024
CVE: CVE-2021-31405
GHSA: GHSA-2wqp-jmcc-mc77
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
vaadin / flow	2.0.4	2.3.3
vaadin / flow	3.0.0	4.0.3
vaadin / vaadin	14.0.6	14.4.4
vaadin / vaadin	15.0.0	17.0.11
com.vaadin / vaadin-bom	14.0.6	14.4.4
com.vaadin / vaadin-bom	15.0.0	17.0.11

https://github.com/vaadin/flow-components/pull/442
https://github.com/vaadin/platform/security/advisories/GHSA-2wqp-jmcc-mc77
https://vaadin.com/security/cve-2021-31405

Vulnerability Database

291,049

CVE-2021-31405