Описание
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| civicrm | fixed | 5.50.1+dfsg1-1 | package | |
| civicrm | no-dsa | bullseye | package | |
| otrs2 | fixed | 6.0.32-4 | package | |
| otrs2 | ignored | stretch | package | |
| phpmyadmin | fixed | 4:5.0.4+dfsg2-2 | package | |
| phpmyadmin | no-dsa | stretch | package | |
| node-jquery-validation | not-affected | package |
Примечания
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
not packaged, but civicrm, otrs2, and phpmyadmin embed a copy
https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171
EPSS
Связанные уязвимости
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Regular Expression Denial of Service in jquery-validation
EPSS