CVE-2020-36320

Опубликовано: 23 апр. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Ссылки

https://github.com/vaadin/framework/issues/7757
Exploit
Patch
Third Party Advisory
https://github.com/vaadin/framework/pull/12104
Patch
Third Party Advisory
https://vaadin.com/security/cve-2020-36320
Vendor Advisory
https://github.com/vaadin/framework/issues/7757
Exploit
Patch
Third Party Advisory
https://github.com/vaadin/framework/pull/12104
Patch
Third Party Advisory
https://vaadin.com/security/cve-2020-36320
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.7.22 (исключая)

EPSS

Процентиль: 72%

0.00724

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-42j4-733x-5vcf