The application is vulnerable by using this component.
The jquery-validation package is vulnerable to Regular Expression Denial of Service (ReDoS). The `url` function in `jquery.validate.js` and `core.js` uses an insecure regular expression to identify valid URLs. A remote attacker can exploit this vulnerability by supplying an input that consists of a long and incomplete URL, such as `http://aaaaaaaaaa.`. This will lead to catastrophic backtracking and result in a Denial of Service condition when the application attempts to process the attacker-supplied data.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.
Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.
Note: This vulnerability was assigned CVE-2021-21252.
Package Url: pkg:a-name/jquery-validation@1.14.0
Display Name: jquery-validation 1.14.0
Path Names: 96b6153df00345c3ba2da88795570ea6/wwwroot/lib/jquery-validation/dist/additional-methods.js 96b6153df00345c3ba2da88795570ea6/wwwroot/lib/jquery-validation/dist/jquery.validate.js
Security Issue Reference: sonatype-2021-0040
Security Issue Severity: 7.5
Security Issue Source: sonatype
Security Issue Threat Category: critical
Security Issue Url: http://nexus-iq.armorcode.ai:8070/ui/links/vln/sonatype-2021-0040
File Path: 96b6153df00345c3ba2da88795570ea6/wwwroot/lib/jquery-validation/dist/additional-methods.js
jquery-validation/jquery-validation#2371
GHSA-jxwx-85vp-gvwm
Tool Finding Id: sonatype-2021-0040