Regular expression denial of service in jquery-validation (GHSA-j9m2-h2pv-wvph)

Severity:: Low

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

Recommendation

Update the jquery-validation package to the latest compatible version. Followings are version details:

Affected version(s): < 1.19.4
Patched version(s): 1.19.4

References

GHSA-j9m2-h2pv-wvph
research.jfrog.com
CVE-2021-43306
CWE-1333
CAPEC-310
OWASP 2021-A6

Related Issues

Regular Expression Denial of Service in jquery-validation - CVE-2021-21252
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method - CVE-2022-31147
Regular Expression Denial of Service (ReDoS) (GHSA-vx3p-948g-6vhq) - CVE-2021-27290
Regular Expression Denial of Service in postcss (GHSA-hwj9-h5mp-3pm3) - CVE-2021-23368

Tags:: npm; jquery-validation

Anything's wrong? Let us know Last updated on November 12, 2024