CVE-2021-31405

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-31405

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31405.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-31405

Aliases

GHSA-2wqp-jmcc-mc77

Published

2021-04-23T16:15:08.687Z

Modified

2025-12-09T12:01:09.844674Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

References

Affected packages

Git / github.com/vaadin/flow

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/flow
Events: Introduced

5d3f8fc64cc7fb1af253e07c987fd95f6cab4881

Fixed

1b08b7c688d90e051d74628054ad4cc006e7312e

Affected versions

2.*

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0.alpha1

2.1.0.beta1

2.1.0.beta3

2.2.0

2.2.0.alpha1

2.2.0.alpha10

2.2.0.alpha11

2.2.0.alpha12

2.2.0.alpha13

2.2.0.alpha14

2.2.0.alpha15

2.2.0.alpha16

2.2.0.alpha2

2.2.0.alpha3

2.2.0.alpha4

2.2.0.alpha5

2.2.0.alpha6

2.2.0.alpha7

2.2.0.alpha8

2.2.0.alpha9

2.2.0.beta1

2.2.0.beta2

2.2.0.rc1

2.2.1

2.2.2

2.2.alpha14

2.3.0

2.3.0.alpha1

2.3.0.beta1

2.3.0.beta2

2.3.0.beta3

2.3.1

2.3.2

3.*

3.0.0.alpha5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31405.json"

Git / github.com/vaadin/platform

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/platform
Events: Introduced

268ab5a9ba6ff9a921922189f2ebe8d375a4c7a0

Fixed

eea42fed42df6e55e99ba3d0042d25f0ae11e18c

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31405.json"

Git / github.com/vaadin/vaadin

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/vaadin
Events: Introduced

5521426214d9e12c3c5ec0db5a3d11afba50517f

Fixed

3411feab4bba930a1b2f0e2067d749708e652359

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31405.json"