GMS-2021-144: Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17

April 19, 2021 (updated October 8, 2021)

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

https://vaadin.com/security/cve-2021-31405

References

github.com/advisories/GHSA-crh4-294p-vcfq
github.com/vaadin/flow-components/security/advisories/GHSA-crh4-294p-vcfq
vaadin.com/security/cve-2021-31405

Code Behaviors & Features

Detect and mitigate GMS-2021-144 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →