Regular expression denial of service in jquery-validation (GHSA-j9m2-h2pv-wvph)

Severity:: Low

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

Recommendation

Update the jquery-validation package to the latest compatible version. Followings are version details:

Affected version(s): < 1.19.4
Patched version(s): 1.19.4

References

GHSA-j9m2-h2pv-wvph
research.jfrog.com
CVE-2021-43306
CWE-1333
CAPEC-310
OWASP 2021-A6

Related Issues

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS - CVE-2025-59837
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF - CVE-2024-4367
jquery-validation vulnerable to Cross-site Scripting - CVE-2025-3573
create-choo-app3 is vulnerable to Command Injection via the devInstall function - CVE-2022-25855

Tags:: npm; jquery-validation

Anything's wrong? Let us know Last updated on November 12, 2024