{"id":"CVE-2021-32816","details":"ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced GHSL-2021-027.","modified":"2026-03-14T11:02:20.497186Z","published":"2021-05-14T18:15:07.407Z","references":[{"type":"FIX","url":"https://github.com/ProtonMail/WebClient/commit/6687fbb867ef872c96cf4fde68cb6e9c58d3fddc"},{"type":"EVIDENCE","url":"https://securitylab.github.com/advisories/GHSL-2021-027-redos-ProtonMail/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/protonmail/webclients","events":[{"introduced":"0"},{"fixed":"6687fbb867ef872c96cf4fde68cb6e9c58d3fddc"}]},{"type":"GIT","repo":"https://github.com/protonmail/webclients","events":[{"introduced":"0"},{"fixed":"6687fbb867ef872c96cf4fde68cb6e9c58d3fddc"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32816.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.60"}]},{"events":[{"introduced":"0"},{"fixed":"3.16.60"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}