Описание
Regular Expression Denial of Service in jquery-validation
The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation.
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen).
Ссылки
- https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
- https://nvd.nist.gov/vuln/detail/CVE-2021-21252
- https://github.com/jquery-validation/jquery-validation/pull/2371
- https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d
- https://jqueryvalidation.org/#installation-via-package-managers
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://security.netapp.com/advisory/ntap-20210219-0005
- https://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation
- https://www.npmjs.com/package/jquery-validation
- https://www.nuget.org/packages/jquery.validation
Пакеты
jquery-validation
< 1.19.3
1.19.3
jQuery.Validation
< 1.19.3
1.19.3
Связанные уязвимости
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
The jQuery Validation Plugin provides drop-in validation for your exis ...