CVE-2021-31405

HIGH

Vaadin Flow 2.0.4-2.3.2 and Vaadin 14.0.6-14.4.3 - Uncontrolled Resource Consumption via EmailField RegEx Validation

Title source: llm
STIX 2.1

Description

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://vaadin.com/security/cve-2021-31405
Patch, Third Party Advisory x_refsource_misc
https://github.com/vaadin/flow-components/pull/442

Scores

CVSS v3 7.5
EPSS 0.0113
EPSS Percentile 62.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (3)
com.vaadin/vaadin-bom 14.0.6 - 14.4.4Maven
vaadin/flow 2.0.4 - 2.3.3
vaadin/vaadin 14.0.6 - 14.4.4
Published Apr 23, 2021
Tracked Since Feb 18, 2026