PT-2021-19286 · Vaadin · Vaadin-Text-Field-Flow

Published

2021-04-19

Updated

2021-05-05

CVE-2021-31405

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 com.vaadin:vaadin-text-field-flow versions 3.0.0 through 4.0.2

Description The issue is related to an unsafe validation RegEx in the EmailField component, which allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Recommendations For versions 2.0.4 through 2.3.2, update to a version outside of this range to resolve the issue. For versions 3.0.0 through 4.0.2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the input to the EmailField component to prevent malicious email addresses from being submitted.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2021-31405

GHSA-2WQP-JMCC-MC77

GHSA-CRH4-294P-VCFQ

Affected Products

Vaadin-Text-Field-Flow

PT-2021-19286 · Vaadin · Vaadin-Text-Field-Flow

CVE-2021-31405

Weakness Enumeration

Related Identifiers

Affected Products

References · 9