Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
Description
Reviewed
Oct 13, 2021
Published to the GitHub Advisory Database
Oct 13, 2021
Last updated
Jan 9, 2023
Credits
-
StefanPenndorf Analyst
Unsafe validation RegEx in
EmailValidatorcomponent incom.vaadin:vaadin-compatibility-serverversions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.References