jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
- Severity:
- High
Description
Summary
Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.
Recommendation
Update the jquery-validation package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.19.5
- Patched version(s): 1.19.5
References
Related Issues
- Regular Expression Denial of Service in jquery-validation - CVE-2021-21252
- Regular expression denial of service in jquery-validation (GHSA-j9m2-h2pv-wvph) - CVE-2021-43306
- steal vulnerable to Regular Expression Denial of Service via input variable - CVE-2022-37260
- steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262
- Tags:
- npm
- jquery-validation
Anything's wrong? Let us know Last updated on January 27, 2023