CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.

References

Affected packages

Debian:11 / civicrm

Package

Name: civicrm
Purl: pkg:deb/debian/civicrm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.33.2+dfsg1-1

5.50.1+dfsg1-1

5.50.3+dfsg1-1

5.52.2+dfsg1-1

5.53.0+dfsg1-1

5.68.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / otrs2

Package

Name: otrs2
Purl: pkg:deb/debian/otrs2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.32-4

Affected versions

2.*

2.0.4p01-6

2.0.4p01-7

2.0.4p01-8

2.0.4p01-9

2.0.4p01-10

2.0.4p01-11

2.0.4p01-12

2.0.4p01-13

2.0.4p01-14

2.0.4p01-14.1

2.0.4p01-15

2.0.4p01-16

2.0.4p01-17

2.0.4p01-18

2.0.99beta1-1

2.0.99beta1-2

2.1.1-1

2.1.3-1

2.1.4-1

2.1.4-2

2.1.5-1

2.1.5-2

2.1.5-3

2.1.6-1

2.1.7-1

2.1.7-2

2.2.0~beta2-1

2.2.0~beta3-1

2.2.1-1

2.2.2-1

2.2.3-1

2.2.4-1

2.2.5-1

2.2.5-2

2.2.6-1

2.2.7-1

2.2.7-2

2.2.7-2lenny1

2.2.7-2lenny2

2.2.7-2lenny3

2.2.7-3

2.3.2-1

2.3.2-2

2.3.3-1

2.3.4-1

2.3.4-2

2.3.4-3

2.3.4-4

2.3.4-5

2.3.4-6

2.3.4-7

2.4.5-1

2.4.5-2

2.4.5-3

2.4.5-4

2.4.5-5

2.4.6-1

2.4.6-2

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7+dfsg1-1

2.4.8+dfsg1-1

2.4.9+dfsg1-1

2.4.9+dfsg1-2

2.4.9+dfsg1-3

2.4.9+dfsg1-3+squeeze1

2.4.9+dfsg1-3+squeeze3

2.4.9+dfsg1-3+squeeze4

2.4.9+dfsg1-3+squeeze5

2.4.9+dfsg1-4

2.4.9+dfsg1-5

2.4.10+dfsg1-1

2.4.10+dfsg1-2

2.4.10+dfsg1-3

3.*

3.0.8+dfsg1-1

3.0.9+dfsg1-1

3.0.10+dfsg1-1

3.0.10+dfsg1-2

3.0.11+dfsg1-1

3.1.0~beta4+dfsg1-1

3.1.0~beta5+dfsg1-1

3.1.0~rc1+dfsg1-1

3.1.1+dfsg1-1

3.1.1+dfsg1-2

3.1.2+dfsg1-1

3.1.2+dfsg1-2

3.1.2+dfsg1-3

3.1.3+dfsg1-1

3.1.3+dfsg1-2

3.1.4+dfsg1-1

3.1.5+dfsg1-1

3.1.5+dfsg1-2

3.1.5+dfsg1-3

3.1.6+dfsg1-1

3.1.7+dfsg1-1

3.1.7+dfsg1-2

3.1.7+dfsg1-3

3.1.7+dfsg1-4

3.1.7+dfsg1-5

3.1.7+dfsg1-6

3.1.7+dfsg1-7

3.1.7+dfsg1-8

3.1.8+dfsg1-1

3.1.9+dfsg1-1

3.1.10+dfsg1-1

3.1.11+dfsg1-1

3.1.12+dfsg1-1

3.1.12+dfsg1-2

3.1.12+dfsg1-3

3.2.1+dfsg1-1

3.2.2+dfsg1-1

3.2.3+dfsg1-1

3.2.4-1

3.2.5-1

3.2.6-1

3.2.6-2

3.2.7-1

3.2.7-2

3.2.8-1

3.2.9-1

3.2.9-2

3.2.10-1

3.2.10-2

3.2.11-1~bpo70+1

3.2.11-1

3.2.12-1

3.3.1-1

3.3.2-1

3.3.3-1

3.3.3-2

3.3.3-3

3.3.4-1

3.3.5-1

3.3.6-1

3.3.7-1

3.3.7-2

3.3.8-1

3.3.9-1

3.3.9-2

3.3.9-3~bpo70+1

3.3.9-3

3.3.10-1

3.3.11-1

3.3.18-1~deb7u1

3.3.18-1~deb7u2

3.3.18-1~deb7u3

4.*

4.0.5-1

4.0.5-2

4.0.6-1

4.0.7-1

4.0.7-2

4.0.8-1

4.0.9-1

4.0.10-1

4.0.11-1

4.0.12-1

4.0.13-1~bpo8+1

4.0.13-1

5.*

5.0.1-1

5.0.1-2

5.0.2-1

5.0.3-1

5.0.5-1

5.0.6-1~bpo8+1

5.0.6-1

5.0.7-1

5.0.8-1~bpo8+1

5.0.8-1

5.0.8+dfsg1-1

5.0.9+dfsg1-1

5.0.9+repack1-1

5.0.10-1~bpo8+1

5.0.10-1

5.0.11-1

5.0.12-1

5.0.13-1~bpo8+1

5.0.13-1

5.0.13-2

5.0.14-1~bpo8+1

5.0.14-1

5.0.15-1

5.0.16-1~bpo8+1

5.0.16-1

5.0.17-1

5.0.18-1

5.0.19-1

5.0.20-1

5.0.21-1~bpo9+1

5.0.21-1

5.0.22-1

5.0.23-1~bpo9+1

5.0.23-1

5.0.24-1~bpo9+1

5.0.24-1

6.*

6.0.1-1

6.0.2-1

6.0.3-1

6.0.4-1

6.0.5-1

6.0.6-1

6.0.7-1

6.0.8-1~bpo9+1

6.0.8-1

6.0.9-1~bpo9+1

6.0.9-1

6.0.10-1

6.0.11-1~bpo9+1

6.0.11-1

6.0.12-1~bpo9+1

6.0.12-1

6.0.13-1

6.0.14-1

6.0.15-1

6.0.16-1

6.0.16-2

6.0.17-1

6.0.18-1

6.0.19-1

6.0.20-1~bpo10+1

6.0.20-1

6.0.21-1

6.0.22-1

6.0.23-1

6.0.23-2

6.0.24-1~bpo10+1

6.0.24-1

6.0.25-1

6.0.25-2

6.0.25-3~bpo10+1

6.0.25-3

6.0.26-1~bpo10+1

6.0.26-1

6.0.27-1~bpo10+1

6.0.27-1

6.0.28-1~bpo10+1

6.0.28-1

6.0.28-2

6.0.29-1~bpo10+1

6.0.29-1

6.0.30-1~bpo10+1

6.0.30-1

6.0.30-2

6.0.32-1

6.0.32-2~bpo10+1

6.0.32-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:5.0.4+dfsg2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:5.0.4+dfsg2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:5.0.4+dfsg2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/jquery-validation/jquery-validation

Affected ranges

Type: GIT
Repo: https://github.com/jquery-validation/jquery-validation
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d

Affected versions

1.*

1.10.0

1.11.0

1.11.1

1.6.0

1.7.0

1.8.0

1.8.0pre

1.8.1

1.9.0