Vulnerability Details CVE-2022-31147
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.8%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd
- https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5
- https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
- https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd
- https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5
- https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
Products affected by CVE-2022-31147
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.10.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.11.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.11.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.12.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.13.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.13.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.14.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.15.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.15.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.16.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.17.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.18.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.19.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.19.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.19.2
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.19.3
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.6.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.7.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.8.0
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.8.1
-
cpe:2.3:a:jqueryvalidation:jquery_validation:1.9.0