Skip to content

jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method

High severity GitHub Reviewed Published Jul 1, 2022 in jquery-validation/jquery-validation • Updated Jan 27, 2023

Package

npm jquery-validation (npm)

Affected versions

< 1.19.5

Patched versions

1.19.5

Description

Summary

Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.

References

@staabm staabm published to jquery-validation/jquery-validation Jul 1, 2022
Published to the GitHub Advisory Database Jul 5, 2022
Reviewed Jul 5, 2022
Published by the National Vulnerability Database Jul 14, 2022
Last updated Jan 27, 2023

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CVE ID

CVE-2022-31147

GHSA ID

GHSA-ffmh-x56j-9rc3

Source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.