Regular expression denial of service in jquery-validation
CVE-2021-21252

5.3MEDIUM

Key Information:

Vendor: Jquery-validation
Status: Jquery-validation
Vendor: CVE Published:; 13 January 2021

Summary

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.

Affected Version(s)

jquery-validation < 1.19.3

References

https://github.com/jquery-validation/jquery-validation/se...

https://github.com/jquery-validation/jquery-validation/pu...

https://github.com/jquery-validation/jquery-validation/co...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2021
Vulnerability Reserved
Dec 22, 2020