CVE-2021-36716
HIGH
Segment is-email < 1.0.1 - Uncontrolled Resource Consumption via isEmail Function
A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.
References (2)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/segmentio/is-email/releases
Vendor Advisory x_refsource_confirm
https://segment.com/docs/release_notes/2021-07-13-cve-2021-36716/
Scores
CVSS v3
7.5
EPSS
0.0099
EPSS Percentile
58.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
npm/is-email
0 - 1.0.1 (npm)
segment/is-email
< 1.0.1
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026