Open KES777 opened 7 years ago
Why not use it? Because of CVE-2015-7686 (algorithmic complexity vulnerability): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686
Do not use Email::Address for parsing untrusted input.
And Email::Address is not fast. The included benchmark repeatedly executes the same patterns without disabling the Email::Address cache, which means that Email::Address looks fast, but only in the case where the parsed input string is already in its cache.
Anyway, you can use Email::Address::XS, which aims to be correct, fast and without exponential time complexity in the worst case.
Why not use the fastest module, Email::Address?
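The caching point raised in this thread can be checked with a benchmark that runs Email::Address with its parse cache enabled and disabled, next to Email::Address::XS. This is an added example, not code from the thread or from either module's distribution; it assumes both modules are installed from CPAN, and the input lines are constructed, well-formed sample data.

```perl
#!/usr/bin/env perl
# Added example: measure Email::Address with and without its parse cache,
# and Email::Address::XS, over the same set of distinct input lines.
use strict;
use warnings;
use Benchmark qw(cmpthese);
use Email::Address;
use Email::Address::XS;

# Constructed sample input: 1000 distinct header values, two addresses each.
my @lines = map {
    qq{"User $_" <user$_\@example.com>, other$_\@example.org}
} 1 .. 1000;

# Parse every line with the pure-Perl module; return total addresses found.
sub parse_pp {
    my $total = 0;
    for my $line (@lines) {
        my @found = Email::Address->parse($line);
        $total += @found;
    }
    return $total;
}

# Same loop using the XS parser.
sub parse_xs {
    my $total = 0;
    for my $line (@lines) {
        my @found = Email::Address::XS->parse($line);
        $total += @found;
    }
    return $total;
}

# Sanity check first: a speed comparison is meaningless if results differ.
Email::Address->disable_cache;
my ($pp, $xs) = (parse_pp(), parse_xs());
die "parsers disagree: PP=$pp XS=$xs\n" unless $pp == $xs;

# 'PP cached' re-parses strings already seen on the previous iteration,
# so after the first pass it mostly measures cache lookups.
# 'PP uncached' is what a service handling fresh input would experience.
cmpthese(-2, {
    'PP cached'   => sub { Email::Address->enable_cache;  parse_pp() },
    'PP uncached' => sub { Email::Address->disable_cache; parse_pp() },
    'XS'          => sub { parse_xs() },
});
```

For untrusted input, the uncached row is the one to compare against XS, since every attacker-supplied string is parsed for the first time.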