jquery-validation-redos-xray-211348.md

description: CVE-2021-43306 Medium severity. Exponential ReDoS in jquery-validation leads to denial of service
title: jquery-validation ReDoS
date_published: 2022-05-30
last_updated: 2022-05-30
xray_id: XRAY-211348
vul_id: CVE-2021-43306
cvss: 5.9
severity: medium
discovered_by: Denys Vozniuk
type: vulnerability

Summary

Exponential ReDoS in jquery-validation leads to denial of service

Component

jquery-validation

Affected versions

jquery-validation (,1.19.3], fixed in 1.19.4

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method.

PoC

'FTP://0.' + '3.3.'.repeat(10) + '\x00'

Vulnerability Mitigations

No mitigations are supplied for this issue.

References

NVD