PT-2021-21320 · Segment · Is-Email

Published: 2021-07-14 · Updated: 2022-05-03 · CVE-2021-36716

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Segment is-email package versions prior to 1.0.1

Description

A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package for Node.js. An attacker able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. The issue is related to the validation of email addresses.

Recommendations

For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the isEmail(input) function until a patch is available.

Fix

DoS

RCE

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-36716
GHSA-J377-2X76-558H

Affected Products

Is-Email