CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31147 – jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306
https://notcve.org/view.php?id=CVE-2022-31147
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch. El plugin de comprobación de jQuery (jquery-validation) proporciona una comprobación directa para formularios. • https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5 https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43306 – Exponential ReDoS in jquery-validation
https://notcve.org/view.php?id=CVE-2021-43306
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method Un ReDoS exponencial (Denegación de Servicio por Expresión Regular) puede ser desencadenada en el paquete npm jquery-validation, cuando un atacante es capaz de suministrar una entrada arbitraria al método url2 • https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21252 – Regular expression denial of service in jquery-validation
https://notcve.org/view.php?id=CVE-2021-21252
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. El Plugin jQuery Validation proporciona una validación directa para sus formularios existentes. Es publicado como un paquete npm "jquery-validation". • https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d https://github.com/jquery-validation/jquery-validation/pull/2371 https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://security.netapp.com/advisory/ntap-20210219-0005 https://www.npmjs.com/package/jquery-validation • CWE-400: Uncontrolled Resource Consumption •