Vulnerability Description
ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced GHSL-2021-027.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Protonmail | Protonmail | < 3.16.60 |
References
- https://github.com/ProtonMail/WebClient/commit/6687fbb867ef872c96cf4fde68cb6e9c5 (Patch, Third Party Advisory)
- https://securitylab.github.com/advisories/GHSL-2021-027-redos-ProtonMail/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-32816?
CVE-2021-32816 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerabilit...
How severe is CVE-2021-32816?
CVE-2021-32816 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32816?
Check the references section above for vendor advisories and patch information. Affected products include: Protonmail Protonmail.