5.3
CVE-2021-23388
- EPSS 1.65%
- Veröffentlicht 01.06.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 05:51:37
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
LoginRegular Expression Denial of Service (ReDoS)
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Forms Project ≫ Forms SwPlatformnode.js Version < 1.2.1
Forms Project ≫ Forms SwPlatformnode.js Version >= 1.3.0 < 1.3.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.65% | 0.734 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| report@snyk.io | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
https://github.com/caolan/forms/pull/214
https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
https://snyk.io/vuln/SNYK-JS-FORMS-1296389