CVE-2021-43306
EPSS 1.1%
Regular expression denial of service in jquery-validation
Published: 2022/6/3
Modified: 2024/11/12
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method.
Affected packages (1)
- npm/jquery-validation: from 0, < 1.19.4
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-43306
- PATCH: https://github.com/jquery-validation/jquery-validation
- WEB: https://github.com/jquery-validation/jquery-validation/commit/69cb17ed774b427f7e2ffcdf197968231725c30e
- WEB: https://github.com/jquery-validation/jquery-validation/pull/2428
- WEB: https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348