CVE-2020-36320 HIGH

CVE-2020-36320: Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7

Vendor Vaadin
Product Vaadin
Weakness CWE-400
Published April 23, 2021
Last update September 16, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Key dates

02Disclosure timeline

April 23, 2021 CVE published
September 16, 2024 Record updated