Regular expression denial of service in jquery-validation (GHSA-j9m2-h2pv-wvph)
- Severity:
- Low
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
Recommendation
Update the jquery-validation package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.19.4
- Patched version(s): 1.19.4
References
Related Issues
- Mermaid does not properly sanitize architecture diagram iconText leading to XSS - CVE-2025-54880
- jquery-validation vulnerable to Cross-site Scripting - CVE-2025-3573
- create-choo-app3 is vulnerable to Command Injection via the devInstall function - CVE-2022-25855
- Vue I18n Allows Prototype Pollution in `handleFlatJson` (GHSA-p2ph-7g93-hw3m) 5 - CVE-2025-27597
- Tags:
- npm
- jquery-validation
Anything's wrong? Let us know Last updated on November 12, 2024