by Snyk Security Researchers
Avoid all malicious instances of the @zapier/zapier-sdk package.
email-regexed is a malicious package. It contains malicious code, and its contents have been removed from the official package registry. Although the package may be attempting to impersonate a legitimate organization, there is no connection between that organization and the package's authorship.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate_query routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger catastrophic backtracking. An attacker can exploit this by submitting specially formed search queries that cause excessive CPU consumption during regex evaluation, leading to denial of service.
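The following is an added example, not code from the advisory or from the affected project, showing why nested repetition in a tokenizing regex lets a crafted query burn CPU, and what a linear-time replacement looks like. The advisory does not quote the actual pattern from validate_query, so VULNERABLE_TOKEN_RE is a constructed stand-in with the same defect (an unbounded inner quantifier inside an unbounded outer one); the simplified space-separated query grammar and the MAX_QUERY_LEN cap are assumptions for illustration, not FTS5 syntax.

```python
"""Added example (not the advisory's or the project's code): catastrophic
backtracking from nested repetition in a query tokenizer, and a linear-time
replacement. VULNERABLE_TOKEN_RE is a constructed stand-in for the pattern in
validate_query, which the advisory does not quote."""
import re
import time

# Constructed vulnerable pattern: the inner \w+ and the outer (...)+ can divide
# one run of word characters in 2^(n-1) ways, and the engine tries every one of
# them when the trailing character makes the overall match fail.
VULNERABLE_TOKEN_RE = re.compile(r"^(\w+\s?)+$")

# Hardened pattern: each character is consumed by exactly one branch (a word,
# then zero or more space-separated words), so a failed match backtracks only
# over the length of the first word, i.e. O(n) steps.
SAFE_TOKEN_RE = re.compile(r"^\w+(?:\s\w+)*\s?$")

# Length cap enforced before any regex runs; the value is an assumption.
MAX_QUERY_LEN = 256


def tokenize_query(query: str) -> list[str]:
    """Validate and split a simple space-separated search string.

    Raises ValueError for over-long or malformed input instead of handing the
    string to a pattern that can backtrack catastrophically.
    """
    if len(query) > MAX_QUERY_LEN:
        raise ValueError("query too long")
    if SAFE_TOKEN_RE.match(query) is None:
        raise ValueError("malformed query")
    return query.split()


def attack_string(n: int) -> str:
    """Constructed ReDoS payload: n word characters followed by one character
    that can never match, so every partition of the run must be tried."""
    return "a" * n + "!"


def match_seconds(pattern: re.Pattern, text: str) -> float:
    """Wall-clock time of one match attempt against `text`."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Each extra two characters roughly quadruples the vulnerable pattern's run
    # time, while the hardened pattern stays flat. Keep n small: the vulnerable
    # timings grow quickly beyond this range on CPython.
    for n in (16, 18, 20, 22):
        payload = attack_string(n)
        print(f"n={n:2d}  vulnerable={match_seconds(VULNERABLE_TOKEN_RE, payload):.3f}s"
              f"  safe={match_seconds(SAFE_TOKEN_RE, payload):.6f}s")
    print(tokenize_query("fast text search"))
```

Running the block prints the timing growth for the constructed pattern next to the flat timings of the hardened one. The two controls that matter in practice are both visible here: reject over-long input before any regex runs, and write the pattern so that no character can be claimed by more than one quantifier.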
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the HttpServletRpcEndpoint endpoint of the LiteRpc-Serializer component. An attacker can enumerate valid values for the LiteRpc-Klass and LiteRpc-Method headers without guessing, guaranteeing that the invocation reaches a real RpcInvoker and that the deserialization code path executes.