Vaadin · Vaadin-Compatibility-Server · CVE-2021-31409
**Name of the Vulnerable Software and Affected Versions**
com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4
Vaadin versions 8.0.0 through 8.12.4
**Description**
The EmailValidator component uses an unsafe validation regular expression, which allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
**Recommendations**
For com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4, consider disabling the EmailValidator component until a patch is available.
For Vaadin versions 8.0.0 through 8.12.4, restrict the use of the EmailValidator component to minimize the risk of exploitation.
As a temporary workaround, avoid using the EmailValidator component in the affected versions until the issue is resolved.
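One way to keep validating addresses while the EmailValidator component is avoided, shown as an added example that is not Vaadin's code and not part of the original advisory: a single-pass check with a length cap, so the work per input is linear and bounded. The class name, the limits and the accepted character set are assumptions chosen for illustration.

```java
// Added example: hypothetical stand-in for a regex-based email check (Java 11+).
public final class LinearEmailCheck {
    private static final int MAX_TOTAL = 254; // assumed cap, enforced before any scanning
    private static final int MAX_LOCAL = 64;  // assumed cap on the part before '@'
    private static final int MAX_LABEL = 63;  // assumed cap on each domain label

    /** Single pass, no regex, no backtracking: work is bounded by MAX_TOTAL. */
    public static boolean isPlausibleEmail(String s) {
        if (s == null || s.isEmpty() || s.length() > MAX_TOTAL) return false;
        int at = s.indexOf('@');
        // Exactly one '@', with a non-empty local part of at most MAX_LOCAL chars.
        if (at < 1 || at > MAX_LOCAL || at != s.lastIndexOf('@')) return false;
        return validLocal(s, at) && validDomain(s, at + 1);
    }

    private static boolean validLocal(String s, int end) {
        char prev = '.'; // treating the start as a dot rejects a leading dot
        for (int i = 0; i < end; i++) {
            char c = s.charAt(i);
            if (c == '.') { if (prev == '.') return false; }
            else if (!isAlnum(c) && "_%+-".indexOf(c) < 0) return false;
            prev = c;
        }
        return prev != '.'; // rejects a trailing dot
    }

    private static boolean validDomain(String s, int start) {
        int labels = 0, labelLen = 0;
        char prev = '.';
        for (int i = start; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '.') {
                // A label must be non-empty and must not end with a hyphen.
                if (labelLen == 0 || prev == '-') return false;
                labels++; labelLen = 0;
            } else if (isAlnum(c) || (c == '-' && labelLen > 0)) {
                if (++labelLen > MAX_LABEL) return false;
            } else { return false; }
            prev = c;
        }
        // Require a dotted domain whose last label is non-empty and hyphen-free at the end.
        return labelLen > 0 && prev != '-' && labels >= 1;
    }
    private static boolean isAlnum(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
    }

    public static void main(String[] args) {
        System.out.println(isPlausibleEmail("alice@example.com"));        // constructed sample
        System.out.println(isPlausibleEmail("x".repeat(100_000) + "@")); // constructed oversized input
    }
}
```

The check is deliberately stricter than the full address grammar; the property that matters here is that every input is rejected or accepted after at most one scan of a length-capped string.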