CVE-2022-31147

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31147

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31147.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31147

Aliases

GHSA-ffmh-x56j-9rc3

Downstream

UBUNTU-CVE-2022-31147

Published

2022-07-14T19:30:14Z

Modified

2025-11-19T02:34:02.026798Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306

Details

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

Database specific

{
    "cwe_ids": [
        "CWE-1333"
    ]
}

References

Affected packages

Git / github.com/jquery-validation/jquery-validation

Affected ranges

Type: GIT
Repo: https://github.com/jquery-validation/jquery-validation
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5907740ce2492338606dbbdbd13d244a8d545097