CVE-2022-31147
HIGH7.5EPSS 0.31%jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
Published: 7/5/2022Modified: 11/8/2023
Description
Summary Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.
Affected packages (1)
- npm/jquery-validationfrom 0, < 1.19.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-31147
- PATCHhttps://github.com/jquery-validation/jquery-validation
- WEBhttps://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd
- WEBhttps://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5
- WEBhttps://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3