CVE-2021-31405

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.12 % (46^th)

Affected Products 2

Advisories 1

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Weaknesses

CWE-400: Uncontrolled Resource Consumption

CVE Status: PUBLISHED
CNA: Vaadin Ltd.
Published Date: 2021-04-23 16:15:08
(3 years ago)
Updated Date: 2021-05-05 17:43:05
(3 years ago)

Affected Products

Vaadin

Flow
Vaadin

Configuration #1

	CPE23	From	Up To
Vaadin Flow from 2.0.4 version and prior 2.3.3 version	cpe:2.3:a:vaadin:flow	>= 2.0.4	< 2.3.3
Vaadin Flow from 3.0.0 version and prior 4.0.3 version	cpe:2.3:a:vaadin:flow	>= 3.0.0	< 4.0.3
Vaadin from 14.0.6 version and prior 14.4.4 version	cpe:2.3:a:vaadin:vaadin	>= 14.0.6	< 14.4.4
Vaadin from 15.0.0 version and prior 17.0.11 version	cpe:2.3:a:vaadin:vaadin	>= 15.0.0	< 17.0.11