Regular expression denial of service in jquery-validation (GHSA-j9m2-h2pv-wvph)

Severity:: Low

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

Recommendation

Update the jquery-validation package to the latest compatible version. Followings are version details:

Affected version(s): < 1.19.4
Patched version(s): 1.19.4

References

GHSA-j9m2-h2pv-wvph
research.jfrog.com
CVE-2021-43306
CWE-1333
CAPEC-310
OWASP 2021-A6

Related Issues

tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS - CVE-2025-59837
Mermaid does not properly sanitize architecture diagram iconText leading to XSS - CVE-2025-54880
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF - CVE-2024-4367

Tags:: npm; jquery-validation

Anything's wrong? Let us know Last updated on November 12, 2024