CVE-2021-36716

Improper Input Validation in npm/is-email

Identifier

CVE-2021-36716

Package Slug

npm/is-email

Vulnerability

Improper Input Validation

Description

A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.

Affected Versions

All versions before 1.0.1

Solution

Upgrade to version 1.0.1 or above.

Last Modified

2021-07-19

source