{"id":"CVE-2021-3794","details":"vuelidate is vulnerable to Inefficient Regular Expression Complexity","aliases":["GHSA-vvf2-ppj9-pp49"],"modified":"2026-04-10T04:36:28.937363Z","published":"2021-09-15T13:15:08.167Z","references":[{"type":"FIX","url":"https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d"},{"type":"FIX","url":"https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vuelidate/vuelidate","events":[{"introduced":"0"},{"fixed":"f55f8f80bcd964ef2af587b313456ecc85c99b61"},{"fixed":"1f0ca31c30e5032f00dbd14c4791b5ee7928f71d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.7.7"}]}}],"versions":["@vuelidate/components@1.1.0","@vuelidate/components@1.1.1","@vuelidate/components@1.1.2","@vuelidate/components@1.1.3","@vuelidate/components@1.1.4","@vuelidate/components@1.1.5","@vuelidate/core@1.0.0-alpha.2","@vuelidate/core@2.0.0-alpha.0","@vuelidate/core@2.0.0-alpha.1","@vuelidate/core@2.0.0-alpha.10","@vuelidate/core@2.0.0-alpha.11","@vuelidate/core@2.0.0-alpha.12","@vuelidate/core@2.0.0-alpha.13","@vuelidate/core@2.0.0-alpha.14","@vuelidate/core@2.0.0-alpha.15","@vuelidate/core@2.0.0-alpha.16","@vuelidate/core@2.0.0-alpha.17","@vuelidate/core@2.0.0-alpha.18","@vuelidate/core@2.0.0-alpha.19","@vuelidate/core@2.0.0-alpha.2","@vuelidate/core@2.0.0-alpha.20","@vuelidate/core@2.0.0-alpha.21","@vuelidate/core@2.0.0-alpha.22","@vuelidate/core@2.0.0-alpha.23","@vuelidate/core@2.0.0-alpha.24","@vuelidate/core@2.0.0-alpha.25","@vuelidate/core@2.0.0-alpha.3","@vuelidate/core@2.0.0-alpha.4","@vuelidate/core@2.0.0-alpha.5","@vuelidate/core@2.0.0-alpha.6","@vuelidate/core@2.0.0-alpha.7","@vuelidate/core@2.0.0-alpha.8","@vuelidate/core@2.0.0-alpha.9","@vuelidate/docs@2.0.0-alpha.0","@vuelidate/docs@2.0.0-alpha.1","@vuelidate/docs@2.0.0-alpha.10","@vuelidate/docs@2.0.0-alpha.11","@vuelidate/docs@2.0.0-alpha.12","@vuelidate/docs@2.0.0-alpha.13","@vuelidate/docs@2.0.0-alpha.14","@vuelidate/docs@2.0.0-alpha.15","@vuelidate/docs@2.0.0-alpha.16","@vuelidate/docs@2.0.0-alpha.17","@vuelidate/docs@2.0.0-alpha.18","@vuelidate/docs@2.0.0-alpha.19","@vuelidate/docs@2.0.0-alpha.2","@vuelidate/docs@2.0.0-alpha.20","@vuelidate/docs@2.0.0-alpha.21","@vuelidate/docs@2.0.0-alpha.22","@vuelidate/docs@2.0.0-alpha.23","@vuelidate/docs@2.0.0-alpha.24","@vuelidate/docs@2.0.0-alpha.25","@vuelidate/docs@2.0.0-alpha.3","@vuelidate/docs@2.0.0-alpha.4","@vuelidate/docs@2.0.0-alpha.5","@vuelidate/docs@2.0.0-alpha.6","@vuelidate/docs@2.0.0-alpha.7","@vuelidate/docs@2.0.0-alpha.8","@vuelidate/docs@2.0.0-alpha.9","@vuelidate/validators@1.0.0-alpha.2","@vuelidate/validators@2.0.0-alpha.0","@vuelidate/validators@2.0.0-alpha.1","@vuelidate/validators@2.0.0-alpha.10","@vuelidate/validators@2.0.0-alpha.11","@vuelidate/validators@2.0.0-alpha.12","@vuelidate/validators@2.0.0-alpha.13","@vuelidate/validators@2.0.0-alpha.14","@vuelidate/validators@2.0.0-alpha.15","@vuelidate/validators@2.0.0-alpha.16","@vuelidate/validators@2.0.0-alpha.17","@vuelidate/validators@2.0.0-alpha.18","@vuelidate/validators@2.0.0-alpha.19","@vuelidate/validators@2.0.0-alpha.2","@vuelidate/validators@2.0.0-alpha.20","@vuelidate/validators@2.0.0-alpha.21","@vuelidate/validators@2.0.0-alpha.3","@vuelidate/validators@2.0.0-alpha.4","@vuelidate/validators@2.0.0-alpha.5","@vuelidate/validators@2.0.0-alpha.6","@vuelidate/validators@2.0.0-alpha.7","@vuelidate/validators@2.0.0-alpha.8","@vuelidate/validators@2.0.0-alpha.9","test-project@0.2.0","test-project@0.2.1","test-project@0.2.2","test-project@0.2.3","test-project@0.2.4","test-project@0.3.0","test-project@0.4.0","test-project@0.5.0","test-project@0.6.0","v0.3.0","v0.3.1","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.5.0","v0.6.0","v0.6.1","v0.6.2","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.0.0-alpha1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.0-alpha2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha10"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha11"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha12"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha13"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha14"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha15"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha16"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha17"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha18"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha19"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha20"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha21"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha22"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha23"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha24"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha25"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha9"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3794.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}