CVE-2021-31405: Uncontrolled Resource Consumption

April 19, 2021 (updated April 26, 2021)

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

References

github.com/advisories/GHSA-2wqp-jmcc-mc77
github.com/vaadin/flow-components/pull/442
github.com/vaadin/platform/security/advisories/GHSA-2wqp-jmcc-mc77
nvd.nist.gov/vuln/detail/CVE-2021-31405
vaadin.com/security/cve-2021-31405

Code Behaviors & Features

Detect and mitigate CVE-2021-31405 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →