CVE-2022-31147 HIGH

CVE-2022-31147: jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306

Vendor Jquery-Validation
Product jquery-validation
Weakness CWE-1333
Published July 14, 2022
Last update April 23, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

Key dates

02 Disclosure timeline

July 14, 2022 CVE published
April 23, 2025 Record updated