PT-2021-12004 · Vaadin · Vaadin-Server

Published

2021-04-19

Updated

2021-05-05

CVE-2020-36320

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: com.vaadin:vaadin-server versions 7.0.0 through 7.7.21

Description: The issue is related to an unsafe validation RegEx in the EmailValidator class, which allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Recommendations: For versions 7.0.0 through 7.7.21, consider disabling the EmailValidator class until a patch is available to prevent uncontrolled resource consumption. Restrict access to the EmailValidator functionality to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2020-36320

GHSA-42J4-733X-5VCF

Affected Products

Vaadin-Server

PT-2021-12004 · Vaadin · Vaadin-Server

CVE-2020-36320

Weakness Enumeration

Related Identifiers

Affected Products

References · 7