CVE-2021-3794

Name of the Vulnerable Software and Affected Versions: vuelidate versions 2.x through 3.0

Description: The issue is related to Inefficient Regular Expression Complexity, specifically a ReDoS (regular expression denial of service) flaw found in the @vuelidate/validators package. This flaw can be exploited if an attacker provides crafted input to the url function, potentially causing the application to consume an excessive amount of CPU.

Recommendations: For vuelidate versions 2.x through 3.0, consider disabling the url function in the @vuelidate/validators package as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.