Vulnerability Details CVE-2021-21252
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d
- https://github.com/jquery-validation/jquery-validation/pull/2371
- https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://security.netapp.com/advisory/ntap-20210219-0005/
- https://www.npmjs.com/package/jquery-validation
- https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d
- https://github.com/jquery-validation/jquery-validation/pull/2371
- https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://security.netapp.com/advisory/ntap-20210219-0005/
- https://www.npmjs.com/package/jquery-validation
Products affected by CVE-2021-21252
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.10.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.11.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.11.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.12.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.13.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.13.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.14.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.15.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.15.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.16.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.17.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.18.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.19.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.19.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.19.2
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.6.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.7.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.8.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.8.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.9.0
-
cpe:2.3:a:netapp:snapcenter:-