7.5

CVE-2021-21252

Regular expression denial of service in jquery-validation

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JqueryvalidationJquery Validation SwPlatformnode.js Version < 1.19.3
NetappSnapcenter Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.53% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
security-advisories@github.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d
Patch
Third Party Advisory
https://github.com/jquery-validation/jquery-validation/pull/2371
Patch
Third Party Advisory
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210219-0005/
Third Party Advisory
https://www.npmjs.com/package/jquery-validation
Third Party Advisory
Product