CVE-2021-31405
Description
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability: 0.468
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2021-31405 is fixed in Vaadin - vaadin-bom 14.4.4 | Windows |
| CVE-2021-31405 is fixed in Vaadin - vaadin-bom 17.0.11 | Windows |
| CVE-2021-31405 is fixed in Vaadin - vaadin-bom for Linux 14.4.4 | Linux |
| CVE-2021-31405 is fixed in Vaadin - vaadin-bom for Linux 17.0.11 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234