EUVD-2021-2537

Malware in sbrugna...

@adhawk/analytics-pixel-loader (>=0.0.2 <=2.0.2), @adhawk/analytics.js-integration-freshdesk (=0.1.0) +64 more potentially affected by CVE-2021-36716 via is-email (>=0.1.0 <=0.1.1)

is-email NPM version =0.1.0, =0.0.2, =1.2.0, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.3, =1.0.0, =1.0.18 and more Source cves: CVE-2021-36716 Source advisory: OSV:GHSA-J377-2X76-558H...

GHSA-J377-2X76-558H Improper Input Validation in is-email

is-email helps validate an email address. A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of...

Improper Input Validation in is-email

is-email helps validate an email address. A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of...

CVE-2021-36716

A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...

CVE-2021-36716

A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...

Input validation

A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...

CVE-2021-36716

A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...

Regular Expression Denial Of Service (ReDoS)

is-email is vulnerable to regular expression denial of service. The vulnerability exists due to the system not limiting the length of the data sent to the parameter...

Regular Expression Denial of Service (ReDoS)

Overview is-email is a Loosely validate an email address. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the isEmail function. PoC: var isEmail = require"is-email" function buildblankn var ret = "" for var i = 0; i n; i++ ret += "@" return ret +...