Segment is-email Package: Regular Expression Denial of Service (ReDoS) Vulnerability

CVE-2021-36716 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker who is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.
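
A linear-time pre-check that can sit in front of an email validator so untrusted input never reaches a backtracking regular expression unbounded. This is an added example, not code from the is-email package or from this advisory; `MAX_EMAIL_LENGTH`, `isPlausibleEmail` and `guardedIsEmail` are hypothetical names and the 254-character cap is an assumption.

```javascript
// Added example (not the is-email package's code). All names are hypothetical.
const MAX_EMAIL_LENGTH = 254; // assumed upper bound for an address
const MAX_LABEL_LENGTH = 63;  // DNS label length limit

// Single-pass structural check: no regular expressions, so no backtracking.
function isPlausibleEmail(input) {
  if (typeof input !== 'string') return false;
  if (input.length === 0 || input.length > MAX_EMAIL_LENGTH) return false;

  const at = input.indexOf('@');
  // Exactly one "@", with a non-empty local part and a non-empty domain.
  if (at <= 0 || at !== input.lastIndexOf('@') || at === input.length - 1) {
    return false;
  }

  // Local part: reject whitespace and control characters.
  for (let i = 0; i < at; i++) {
    const c = input.charCodeAt(i);
    if (c <= 32 || c === 127) return false;
  }

  // Domain: at least two labels, each made of letters, digits or "-".
  const labels = input.slice(at + 1).split('.');
  if (labels.length < 2) return false;
  for (const label of labels) {
    if (label.length === 0 || label.length > MAX_LABEL_LENGTH) return false;
    for (let i = 0; i < label.length; i++) {
      const c = label.charCodeAt(i);
      const isAlnum = (c >= 48 && c <= 57) || (c >= 65 && c <= 90) ||
                      (c >= 97 && c <= 122);
      if (!isAlnum && c !== 45) return false;
    }
  }
  return true;
}

// Run the cheap check first; only pre-screened input reaches `validator`
// (assumed here to be a patched, regex-based validator supplied by the caller).
function guardedIsEmail(input, validator) {
  if (!isPlausibleEmail(input)) return false;
  return validator ? Boolean(validator(input)) : true;
}
```

A length cap limits how much input a regex sees but does not by itself bound the cost of a backtracking pattern, so the guard complements upgrading to is-email 1.0.1 or later rather than replacing it.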
