Regular expression denial of service in jquery-validation
CVE-2021-21252

5.3MEDIUM

Key Information:

Vendor

Jquery-validation

Status
Jquery-validation
Vendor
CVE Published:
13 January 2021

What is CVE-2021-21252?

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.

Affected Version(s)

jquery-validation < 1.19.3

References

https://github.com/jquery-validation/jquery-validation/se...
https://github.com/jquery-validation/jquery-validation/pu...
https://github.com/jquery-validation/jquery-validation/co...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-21252 : Regular expression denial of service in jquery-validation