PT-2021-14375 · Unknown · Schema-Inspector

Erik-Krogh · Published 2021-03-19 · Updated 2022-06-30 · CVE-2021-21267

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: schema-inspector versions prior to 2.0.0
Description: The email address validation in schema-inspector is vulnerable to a regular-expression denial of service (ReDoS): certain inputs, for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0., make the validation regex backtrack for so long that the program or browser page executing the code freezes. This affects any current schema-inspector users using any version to validate email addresses. Users who do not validate email addresses and only use the library's other validation types are not affected.
Recommendations: To resolve the issue, upgrade to version 2.0.0, which uses a regular expression that is not vulnerable to ReDoS. As a temporary workaround, stop using the library's email validation feature: for example, accept the email address into the system but store it in a "not yet validated" state until a verification email is sent to it.

Exploit · Fix · RCE · Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-21267
GHSA-F38P-C2GQ-4PMR

Affected Products

Schema-Inspector