CVE-2021-36716 - A ReDoS (Regular Expression Denial of Service)
A ReDoS (Regular Expression Denial of Service) flaw was identified within the segment “is-email” package prior to version 1.0.1 for Node.js and web browsers as client side code.
An Attacker that can provide crafted input to the
isEmail(input) function may cause an application to consume an excessive amount of CPU.
Credit to Yeting Li for identifying and reporting the vulnerability to Segment.
The latest version of “is-email” is available in the segmentio/is-email repository.
This page was last modified: 13 Jul 2021
Questions? Problems? Need more info? Contact us, and we can help!