CVE-2021-31405
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
Severity Score: 7.5 (CVSS v3.1)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Descriptions
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Credits: N/A
Timeline
- 2021-04-15 CVE Reserved
- 2021-04-23 CVE Published
- 2024-01-07 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-400: Uncontrolled Resource Consumption
References (2)
URL | Date
---|---
https://github.com/vaadin/flow-components/pull/442 | 2021-05-05
https://vaadin.com/security/cve-2021-31405 | 2021-05-05
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Vaadin | Flow | >= 2.0.4 < 2.3.3 | Affected
Vaadin | Flow | >= 3.0.0 < 4.0.3 | Affected
Vaadin | Vaadin | >= 14.0.6 < 14.4.4 | Affected
Vaadin | Vaadin | >= 15.0.0 < 17.0.11 | Affected