jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
- Severity:
- High
Description
Summary
Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.
Recommendation
Update the jquery-validation package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.19.5
- Patched version(s): 1.19.5
References
Related Issues
- @pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation - CVE-2025-53626
- Regular expression denial of service in jquery-validation (GHSA-j9m2-h2pv-wvph) - CVE-2021-43306
- @saltcorn/server arbitrary file and directory listing when accessing build mobile app results - Vulnerability
- Leaking sensitive user information still possible by filtering on private with prefix fields - CVE-2023-34235
- Tags:
- npm
- jquery-validation
Anything's wrong? Let us know Last updated on January 27, 2023