PT-2021-15482 · Forms · Forms

Tarjei Husøy · Published 2021-05-31 · Updated 2021-06-09 · CVE-2021-23388

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

forms versions prior to 1.3.2

Description

The issue is related to Regular Expression Denial of Service (ReDoS) via email validation. This occurs in versions prior to 1.3.2, where the email validation process can be exploited, leading to a denial of service.

Recommendations

For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider disabling email validation until a patch is available. Restrict access to email validation functionality to minimize the risk of exploitation.

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2021-23388
GHSA-C56F-GRV3-GPFR
SNYK-JS-FORMS-1296389

Affected Products

Forms