CVE-2021-43306
EPSS 1.1%
Regular expression denial of service in jquery-validation
Published: 6/3/2022
Modified: 11/12/2024
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method.
Affected packages (1)
- npm/jquery-validation: from 0, < 1.19.4
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-43306
- PATCH: https://github.com/jquery-validation/jquery-validation
- WEB: https://github.com/jquery-validation/jquery-validation/commit/69cb17ed774b427f7e2ffcdf197968231725c30e
- WEB: https://github.com/jquery-validation/jquery-validation/pull/2428
- WEB: https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348