Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qOW0yLWgycHYtd3ZwaM4AArVh
Regular expression denial of service in jquery-validation
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method.
Permalink: https://github.com/advisories/GHSA-j9m2-h2pv-wvph
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qOW0yLWgycHYtd3ZwaM4AArVh
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
Identifiers: GHSA-j9m2-h2pv-wvph, CVE-2021-43306
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-43306
- https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348/
- https://github.com/jquery-validation/jquery-validation/commit/69cb17ed774b427f7e2ffcdf197968231725c30e
- https://github.com/advisories/GHSA-j9m2-h2pv-wvph
Blast Radius: 1.0
Affected Packages
nuget:jQuery.Validation
Dependent packages: 0
Dependent repositories: 0
Downloads: 91,602,317 total
Affected Version Ranges: < 1.19.4
Fixed in: 1.19.4
All affected versions: 1.6.0, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.10.0, 1.11.0, 1.11.1, 1.12.0, 1.13.0, 1.13.1, 1.14.0, 1.15.0, 1.15.1, 1.16.0, 1.17.0, 1.19.1, 1.19.2, 1.19.3
All unaffected versions: 1.19.4, 1.19.5
npm:jquery-validation
Dependent packages: 328
Dependent repositories: 17,237
Downloads: 695,826 last month
Affected Version Ranges: < 1.19.4
Fixed in: 1.19.4
All affected versions: 1.13.1, 1.14.0, 1.15.0, 1.15.1, 1.16.0, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.19.2, 1.19.3
All unaffected versions: 1.19.4, 1.19.5, 1.20.0