CVE-2021-36716 - A ReDoS (Regular Expression Denial of Service)

vulnerability
package
July 13, 2021

A ReDoS (Regular Expression Denial of Service) flaw was identified in the Segment “is-email” package prior to version 1.0.1, which is used in Node.js and in web browsers as client-side code.

An attacker who can provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.

Credit to Yeting Li for identifying and reporting the vulnerability to Segment.

The latest version of “is-email” is available in the segmentio/is-email repository.
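To check whether a project still installs an affected release (anything before 1.0.1), its lockfile can be scanned. The following is an added example, not code from Segment or the is-email repository. It assumes npm's package-lock.json layout, and the sample lockfile and the `legacy-forms` dependency name are constructed.

```javascript
// Added example: find is-email installs older than 1.0.1 in an npm lockfile.
const FIXED = [1, 0, 1]; // first fixed release, per the advisory

// True when "x.y.z" sorts before FIXED. Pre-release/build suffixes are
// ignored; unparseable versions are flagged so a human reviews them.
function isBelowFixed(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < FIXED.length; i++) {
    if (Number.isNaN(parts[i])) return true;
    const n = parts[i] || 0;
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return false;
}

function findVulnerableIsEmail(lock) {
  const hits = new Map(); // install path -> version, de-duplicated
  const check = (path, meta) => {
    if (isBelowFixed(meta.version)) hits.set(path, meta.version);
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/is-email$/.test(path)) check(path, meta);
  }
  // lockfileVersion 1 (also mirrored in version 2): nested "dependencies".
  (function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'is-email') check(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile: one fixed copy, one nested affected copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/is-email': { version: '1.0.1' },
    'node_modules/legacy-forms/node_modules/is-email': { version: '1.0.0' },
  },
  dependencies: {
    'is-email': { version: '1.0.1' },
    'legacy-forms': { version: '2.3.0', dependencies: { 'is-email': { version: '1.0.0' } } },
  },
};
console.log(findVulnerableIsEmail(SAMPLE_LOCK));
```

In a real project, pass the parsed contents of `package-lock.json` to `findVulnerableIsEmail`; nested copies pulled in by other dependencies are reported with their install path.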

This page was last modified: 13 Jul 2021


