CVE-2022-31147

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31147

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31147.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31147

Aliases

GHSA-ffmh-x56j-9rc3

Related

Published

2022-07-14T20:15:08Z

Modified

2025-07-02T00:19:16.108579Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

References

Affected packages

Git / github.com/jquery-validation/jquery-validation

Affected ranges

Type: GIT
Repo: https://github.com/jquery-validation/jquery-validation
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5907740ce2492338606dbbdbd13d244a8d545097

Fixed

5bbd80d27fc6b607d2f7f106c89522051a9fb0dd

Affected versions

1.*

1.10.0

1.11.0

1.11.1

1.6.0

1.7.0

1.8.0

1.8.0pre

1.8.1

1.9.0