CVE-2022-31147

HIGH7.5EPSS 0.31%

jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method

發布日:2022/7/5修改日:2023/11/8

描述

Summary Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.

受影響套件(1)

npm/jquery-validationfrom 0, < 1.19.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-31147
PATCHhttps://github.com/jquery-validation/jquery-validation
WEBhttps://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd
WEBhttps://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5
WEBhttps://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3