CVE-2020-36320 | Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7
Exp
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Conclusion & alert: CVE-2020-36320 is rated High Exploit Risk (73.4/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.96%).Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.23% over the last day, indicating growing attacker interest.Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2020-36320
Exploit prediction scoring system (EPSS) score for CVE-2020-36320
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).