Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-31405
PUBLISHED
More InfoOfficial Page
Assigner-Vaadin
Assigner Org ID-9e0f3122-90e9-42d5-93de-8c6b98deef7e
View Known Exploited Vulnerability (KEV) details
Published At-23 Apr, 2021 | 16:05
Updated At-17 Sep, 2024 | 02:32
Rejected At-
▼CVE Numbering Authority (CNA)
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Affected Products
Vendor
Vaadin
Product
Vaadin
Versions
Affected
  • From 14.0.6 before * (custom)
    • -> affectedfrom15.0.0
Vendor
Vaadin
Product
vaadin-text-field-flow
Versions
Affected
  • From 2.0.4 before * (custom)
    • -> affectedfrom3.0.0
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vaadin.com/security/cve-2021-31405
x_refsource_MISC
https://github.com/vaadin/flow-components/pull/442
x_refsource_MISC
Hyperlink: https://vaadin.com/security/cve-2021-31405
Resource:
x_refsource_MISC
Hyperlink: https://github.com/vaadin/flow-components/pull/442
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vaadin.com/security/cve-2021-31405
x_refsource_MISC
x_transferred
https://github.com/vaadin/flow-components/pull/442
x_refsource_MISC
x_transferred
Hyperlink: https://vaadin.com/security/cve-2021-31405
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/vaadin/flow-components/pull/442
Resource:
x_refsource_MISC
x_transferred
Details not found