Regular expression denial of service in jquery-validation - jquery-validation

Severity:: Low

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

Recommendation

Update the jquery-validation package to the latest compatible version. Followings are version details:

Affected version(s): < 1.19.4
Patched version(s): 1.19.4

References

GHSA-j9m2-h2pv-wvph
research.jfrog.com
CVE-2021-43306
CWE-1333
CAPEC-310
OWASP 2021-A6

Related Issues

Regular Expression Denial of Service in jquery-validation - CVE-2021-21252
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method - CVE-2022-31147
prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801
Regular Expression Denial of Service (REDoS) in Marked - CVE-2021-21306

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; jquery-validation

Anything's wrong? Let us know Last updated on November 12, 2024