CVE-2022-31147

Published: Jul 14, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

Affected (1)

Products: Jqueryvalidation: Jquery Validation

Jqueryvalidation

1 product

Jquery Validation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jqueryvalidation Jquery Validation	Before 1.19.5

Related CWEs

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (6)

https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3

Source: security-advisories@github.com

Third Party Advisory

https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.