Description

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

Remediation

References

CVE-2022-31147

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.0.33)

GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3239)

WordPress Plugin WP Statistics Cross-Site Scripting (12.0.5)

Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-9840)

Oracle Application Server Other Vulnerability (CVE-2006-5365)

Severity

High

Classification

CVE-2022-31147 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities