6 matches found
CVE-2020-36320 Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 Vaadin 7.0.0 through 7.7.21 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack -...
GHSA-42J4-733X-5VCF Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 Vaadin 7.0.0 through 7.7.21 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. - https://vaadin.com/security/cve-2020-36320...
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 Vaadin 7.0.0 through 7.7.21 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. - https://vaadin.com/security/cve-2020-36320...
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 Vaadin 7.0.0 through 7.7.21 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. See CWE-400: Uncontrolled Resource Consumption Description...
Denial of service in UIDL request handler in Vaadin 7 and 8
Improper check for exceptional condition in a third party JSON handling library used in com.vaadin:vaadin-shared versions 7.4.0 through 7.7.8 Vaadin 7.4.0 through 7.7.8, and 8.0.0 through 8.0.5 Vaadin 8.0.0 through 8.0.5 allows attacker to perform denial of service DoS attack via crafted JSON...