High severity · NVD Advisory · Published Jul 14, 2022 · Updated Apr 23, 2025
jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306
CVE-2022-31147
Description
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| jquery-validation (npm) | < 1.19.5 | 1.19.5 |
Affected products
- Range: < 1.19.5
References
- github.com/advisories/GHSA-ffmh-x56j-9rc3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-31147 (ghsa, ADVISORY)
- github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd (ghsa, x_refsource_MISC, WEB)
- github.com/jquery-validation/jquery-validation/releases/tag/1.19.5 (ghsa, x_refsource_MISC, WEB)
- github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3 (ghsa, x_refsource_CONFIRM, WEB)