CVE-2021-21252
Published 2021-01-13
Priority P3 · 40 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.53% (87.8th percentile)
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | civicrm | < otrs2 6.0.32-4 (bullseye) | otrs2 6.0.32-4 (bullseye) |
| debian | node-jquery-validation | < otrs2 6.0.32-4 (bullseye) | otrs2 6.0.32-4 (bullseye) |
| debian | otrs2 | < otrs2 6.0.32-4 (bullseye) | otrs2 6.0.32-4 (bullseye) |
| debian | phpmyadmin | < otrs2 6.0.32-4 (bullseye) | otrs2 6.0.32-4 (bullseye) |
| jquery-validation | jquery-validation | < 1.19.3 | 1.19.3 |
| jquery-validation | jquery-validation | >= 0 < 1.19.3 | 1.19.3 |
| jqueryvalidation | jquery_validation | < 1.19.3 | 1.19.3 |
| phpmyadmin | phpmyadmin | >= 0 < 4:5.0.4+dfsg2-2 | 4:5.0.4+dfsg2-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:5.0.4+dfsg2-2 | 4:5.0.4+dfsg2-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:5.0.4+dfsg2-2 | 4:5.0.4+dfsg2-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:5.0.4+dfsg2-2 | 4:5.0.4+dfsg2-2 |
CVSS provenance
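| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 5.3 | MEDIUM | |
| vendor_redhat | | 5.3 | MEDIUM | |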
OSV
Regular Expression Denial of Service in jquery-validation
osv·2021-01-13
CVE-2021-21252 [HIGH] Regular Expression Denial of Service in jquery-validation
The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation.
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service).
This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen).
OSV
CVE-2021-21252: The jQuery Validation Plugin provides drop-in validation for your existing forms
osv·2021-01-13·CVSS 7.5
CVE-2021-21252 [HIGH] CVE-2021-21252: The jQuery Validation Plugin provides drop-in validation for your existing forms
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
GHSA
Regular Expression Denial of Service in jquery-validation
ghsa·2021-01-13
CVE-2021-21252 [HIGH] CWE-400 Regular Expression Denial of Service in jquery-validation
The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation.
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service).
This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen).
Red Hat
jquery-validate: jquery.validate.js vulnerable to ReDoS
vendor_redhat·2021-01-13·CVSS 5.3
CVE-2021-21252 [MEDIUM] CWE-400 jquery-validate: jquery.validate.js vulnerable to ReDoS
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
A flaw was found in jQuery-validate. There is an issue where it contains one or more regular expressions vulnerable to a Regular Expression Denial of Service (ReDoS).
Package: jquery-validation (Red Hat Decision Manager 7) - Not affected
Package: jquery-validation (Red Hat Process Automation 7) - Not affected
Debian
CVE-2021-21252: civicrm - The jQuery Validation Plugin provides drop-in validation for your existing forms...
vendor_debian·2021·CVSS 5.3
CVE-2021-21252 [MEDIUM] CVE-2021-21252: civicrm - The jQuery Validation Plugin provides drop-in validation for your existing forms...
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d
https://github.com/jquery-validation/jquery-validation/pull/2371
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://security.netapp.com/advisory/ntap-20210219-0005/
https://www.npmjs.com/package/jquery-validation
Published: 2021-01-13