JFrog Security Research
< Back

XRAY-211348 - jquery-validation ReDoS

CVE-2021-43306 | CVSS 5.9

JFrog Severity:medium

Discovered ByDenys Vozniukof the JFrog Security Research Team

Published 30 May, 2022 | Last updated 30 May, 2022

Exponential ReDoS in jquery-validation leads to denial of service


jquery-validation (,1.19.3], fixed in 1.19.4

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

'[FTP://0](' + '3.3.'.repeat(10) + '\x00'

No mitigations are supplied for this issue


< Back