CVE-2021-21252

HIGH7.5EPSS 0.73%

Regular Expression Denial of Service in jquery-validation

發布日:2021/1/13修改日:2026/3/13

描述

The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation. The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service) This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen).

受影響套件(5)

Debian/civicrmfrom 0
Debian/otrs2from 0, < 6.0.32-4
Debian/phpmyadminfrom 0, < 4:5.0.4+dfsg2-2
npm/jquery-validationfrom 0, < 1.19.3
NuGet/jQuery.Validationfrom 0, < 1.19.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(12)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-21252
ADVISORYhttps://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-21252
PATCHhttps://github.com/jquery-validation/jquery-validation
WEBhttps://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d
WEBhttps://github.com/jquery-validation/jquery-validation/pull/2371
WEBhttps://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
WEBhttps://jqueryvalidation.org/#installation-via-package-managers
WEBhttps://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
WEBhttps://security.netapp.com/advisory/ntap-20210219-0005
WEBhttps://www.npmjs.com/package/jquery-validation
WEBhttps://www.nuget.org/packages/jquery.validation