Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31147

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

Published

2022-07-14T20:15:08.483

Last Modified

2024-11-21T07:03:59.793

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-1333
Type: Primary
CWE-1333

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jqueryvalidation	jquery_validation	< 1.19.5	Yes

References

https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd Patch, Third Party Advisory ([email protected])
https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5 Release Notes, Third Party Advisory ([email protected])
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3 Third Party Advisory ([email protected])
https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)