CVE-2021-21252 MEDIUM

CVE-2021-21252: Regular expression denial of service in jquery-validation

Vendor Jquery-Validation
Product jquery-validation
Weakness CWE-400
Published January 13, 2021
Last update August 3, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.

Key dates

02 Disclosure timeline

January 13, 2021 CVE published
August 3, 2024 Record updated