2 matches found
@adhawk/analytics-pixel-loader (>=0.0.2 <=2.0.2), @adhawk/analytics.js-integration-freshdesk (=0.1.0) +64 more potentially affected by CVE-2021-36716 via is-email (>=0.1.0 <=0.1.1)
is-email NPM version =0.1.0, =0.0.2, =1.2.0, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.3, =1.0.0, =1.0.18 and more Source cves: CVE-2021-36716 Source advisory: OSV:GHSA-J377-2X76-558H...
CVE-2021-36716
The CVE-2021-36716 issue affects the Segment is-email package for Node.js, specifically before version 1.0.1. The root cause is a Regular Expression Denial of Service (ReDoS) in isEmail(input), which can cause an attacker to force excessive CPU consumption in applications that validate emails. Pu...