Fluid Attacks Database

Description

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	phpmyadmin	>=0 <4:5.0.4+dfsg2-2	4:5.0.4+dfsg2-2
debian 11	civicrm	=5.33.2+dfsg1-1 \|\| =5.50.1+dfsg1-1 \|\| =5.50.3+dfsg1-1 \|\| =5.52.2+dfsg1-1 \|\| =5.53.0+dfsg1-1 \|\| =5.68.1+dfsg1-1	-
debian 11	otrs2	=2.0.4p01-10 \|\| =2.0.4p01-11 \|\| =2.0.4p01-12 \|\| =2.0.4p01-13 \|\| =2.0.4p01-14 \|\| =2.0.4p01-14.1 \|\| =2.0.4p01-15 \|\| =2.0.4p01-16 \|\| =2.0.4p01-17 \|\| =2.0.4p01-18 \|\| =2.0.4p01-6 \|\| =2.0.4p01-7 \|\| =2.0.4p01-8 \|\| =2.0.4p01-9 \|\| =2.0.99beta1-1 \|\| =2.0.99beta1-2 \|\| =2.1.1-1 \|\| =2.1.3-1 \|\| =2.1.4-1 \|\| =2.1.4-2 \|\| =2.1.5-1 \|\| =2.1.5-2 \|\| =2.1.5-3 \|\| =2.1.6-1 \|\| =2.1.7-1 \|\| =2.1.7-2 \|\| =2.2.0~beta2-1 \|\| =2.2.0~beta3-1 \|\| =2.2.1-1 \|\| =2.2.2-1 \|\| =2.2.3-1 \|\| =2.2.4-1 \|\| =2.2.5-1 \|\| =2.2.5-2 \|\| =2.2.6-1 \|\| =2.2.7-1 \|\| =2.2.7-2 \|\| =2.2.7-2lenny1 \|\| =2.2.7-2lenny2 \|\| =2.2.7-2lenny3 \|\| =2.2.7-3 \|\| =2.3.2-1 \|\| =2.3.2-2 \|\| =2.3.3-1 \|\| =2.3.4-1 \|\| =2.3.4-2 \|\| =2.3.4-3 \|\| =2.3.4-4 \|\| =2.3.4-5 \|\| =2.3.4-6 \|\| =2.3.4-7 \|\| =2.4.10+dfsg1-1 \|\| =2.4.10+dfsg1-2 \|\| =2.4.10+dfsg1-3 \|\| =2.4.5-1 \|\| =2.4.5-2 \|\| =2.4.5-3 \|\| =2.4.5-4 \|\| =2.4.5-5 \|\| =2.4.6-1 \|\| =2.4.6-2 \|\| =2.4.7+dfsg1-1 \|\| =2.4.7-1 \|\| =2.4.7-2 \|\| =2.4.7-3 \|\| =2.4.7-4 \|\| =2.4.7-5 \|\| =2.4.7-6 \|\| =2.4.8+dfsg1-1 \|\| =2.4.9+dfsg1-1 \|\| =2.4.9+dfsg1-2 \|\| =2.4.9+dfsg1-3 \|\| =2.4.9+dfsg1-3+squeeze1 \|\| =2.4.9+dfsg1-3+squeeze3 \|\| =2.4.9+dfsg1-3+squeeze4 \|\| =2.4.9+dfsg1-3+squeeze5 \|\| =2.4.9+dfsg1-4 \|\| =2.4.9+dfsg1-5 \|\| =3.0.10+dfsg1-1 \|\| =3.0.10+dfsg1-2 \|\| =3.0.11+dfsg1-1 \|\| =3.0.8+dfsg1-1 \|\| =3.0.9+dfsg1-1 \|\| =3.1.0~beta4+dfsg1-1 \|\| =3.1.0~beta5+dfsg1-1 \|\| =3.1.0~rc1+dfsg1-1 \|\| =3.1.1+dfsg1-1 \|\| =3.1.1+dfsg1-2 \|\| =3.1.10+dfsg1-1 \|\| =3.1.11+dfsg1-1 \|\| =3.1.12+dfsg1-1 \|\| =3.1.12+dfsg1-2 \|\| =3.1.12+dfsg1-3 \|\| =3.1.2+dfsg1-1 \|\| =3.1.2+dfsg1-2 \|\| =3.1.2+dfsg1-3 \|\| =3.1.3+dfsg1-1 \|\| =3.1.3+dfsg1-2 \|\| =3.1.4+dfsg1-1 \|\| =3.1.5+dfsg1-1 \|\| =3.1.5+dfsg1-2 \|\| =3.1.5+dfsg1-3 \|\| =3.1.6+dfsg1-1 \|\| =3.1.7+dfsg1-1 \|\| =3.1.7+dfsg1-2 \|\| =3.1.7+dfsg1-3 \|\| =3.1.7+dfsg1-4 \|\| =3.1.7+dfsg1-5 \|\| =3.1.7+dfsg1-6 \|\| =3.1.7+dfsg1-7 \|\| =3.1.7+dfsg1-8 \|\| =3.1.8+dfsg1-1 \|\| =3.1.9+dfsg1-1 \|\| =3.2.1+dfsg1-1 \|\| =3.2.10-1 \|\| =3.2.10-2 \|\| =3.2.11-1 \|\| =3.2.11-1~bpo70+1 \|\| =3.2.12-1 \|\| =3.2.2+dfsg1-1 \|\| =3.2.3+dfsg1-1 \|\| =3.2.4-1 \|\| =3.2.5-1 \|\| =3.2.6-1 \|\| =3.2.6-2 \|\| =3.2.7-1 \|\| =3.2.7-2 \|\| =3.2.8-1 \|\| =3.2.9-1 \|\| =3.2.9-2 \|\| =3.3.1-1 \|\| =3.3.10-1 \|\| =3.3.11-1 \|\| =3.3.18-1~deb7u1 \|\| =3.3.18-1~deb7u2 \|\| =3.3.18-1~deb7u3 \|\| =3.3.2-1 \|\| =3.3.3-1 \|\| =3.3.3-2 \|\| =3.3.3-3 \|\| =3.3.4-1 \|\| =3.3.5-1 \|\| =3.3.6-1 \|\| =3.3.7-1 \|\| =3.3.7-2 \|\| =3.3.8-1 \|\| =3.3.9-1 \|\| =3.3.9-2 \|\| =3.3.9-3 \|\| =3.3.9-3~bpo70+1 \|\| =4.0.10-1 \|\| =4.0.11-1 \|\| =4.0.12-1 \|\| =4.0.13-1 \|\| =4.0.13-1~bpo8+1 \|\| =4.0.5-1 \|\| =4.0.5-2 \|\| =4.0.6-1 \|\| =4.0.7-1 \|\| =4.0.7-2 \|\| =4.0.8-1 \|\| =4.0.9-1 \|\| =5.0.1-1 \|\| =5.0.1-2 \|\| =5.0.10-1 \|\| =5.0.10-1~bpo8+1 \|\| =5.0.11-1 \|\| =5.0.12-1 \|\| =5.0.13-1 \|\| =5.0.13-1~bpo8+1 \|\| =5.0.13-2 \|\| =5.0.14-1 \|\| =5.0.14-1~bpo8+1 \|\| =5.0.15-1 \|\| =5.0.16-1 \|\| =5.0.16-1~bpo8+1 \|\| =5.0.17-1 \|\| =5.0.18-1 \|\| =5.0.19-1 \|\| =5.0.2-1 \|\| =5.0.20-1 \|\| =5.0.21-1 \|\| =5.0.21-1~bpo9+1 \|\| =5.0.22-1 \|\| =5.0.23-1 \|\| =5.0.23-1~bpo9+1 \|\| =5.0.24-1 \|\| =5.0.24-1~bpo9+1 \|\| =5.0.3-1 \|\| =5.0.5-1 \|\| =5.0.6-1 \|\| =5.0.6-1~bpo8+1 \|\| =5.0.7-1 \|\| =5.0.8+dfsg1-1 \|\| =5.0.8-1 \|\| =5.0.8-1~bpo8+1 \|\| =5.0.9+dfsg1-1 \|\| =5.0.9+repack1-1 \|\| =6.0.1-1 \|\| =6.0.10-1 \|\| =6.0.11-1 \|\| =6.0.11-1~bpo9+1 \|\| =6.0.12-1 \|\| =6.0.12-1~bpo9+1 \|\| =6.0.13-1 \|\| =6.0.14-1 \|\| =6.0.15-1 \|\| =6.0.16-1 \|\| =6.0.16-2 \|\| =6.0.17-1 \|\| =6.0.18-1 \|\| =6.0.19-1 \|\| =6.0.2-1 \|\| =6.0.20-1 \|\| =6.0.20-1~bpo10+1 \|\| =6.0.21-1 \|\| =6.0.22-1 \|\| =6.0.23-1 \|\| =6.0.23-2 \|\| =6.0.24-1 \|\| =6.0.24-1~bpo10+1 \|\| =6.0.25-1 \|\| =6.0.25-2 \|\| =6.0.25-3 \|\| =6.0.25-3~bpo10+1 \|\| =6.0.26-1 \|\| =6.0.26-1~bpo10+1 \|\| =6.0.27-1 \|\| =6.0.27-1~bpo10+1 \|\| =6.0.28-1 \|\| =6.0.28-1~bpo10+1 \|\| =6.0.28-2 \|\| =6.0.29-1 \|\| =6.0.29-1~bpo10+1 \|\| =6.0.3-1 \|\| =6.0.30-1 \|\| =6.0.30-1~bpo10+1 \|\| =6.0.30-2 \|\| =6.0.32-1 \|\| =6.0.32-2 \|\| =6.0.32-2~bpo10+1 \|\| =6.0.4-1 \|\| =6.0.5-1 \|\| =6.0.6-1 \|\| =6.0.7-1 \|\| =6.0.8-1 \|\| =6.0.8-1~bpo9+1 \|\| =6.0.9-1 \|\| =6.0.9-1~bpo9+1 \|\| >=0 <6.0.32-4	6.0.32-4
npm	jquery-validation	>=0 <1.19.3	1.19.3
nuget	jquery.validation	>=0 <1.19.3	1.19.3
debian 13	phpmyadmin	>=0 <4:5.0.4+dfsg2-2	4:5.0.4+dfsg2-2
debian 12	phpmyadmin	>=0 <4:5.0.4+dfsg2-2	4:5.0.4+dfsg2-2

Aliases

1. CVE-2021-212522. NVD-2021-212523. OSV-DEBIAN-2021-212524. OSV-2021-212525. GHSA-jxwx-85vp-gvwm6. https://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation7. GCVE-2021-212528. SECURITY-TRACKER-CVE-2021-212529. lists.debian.org

References

1. https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm2. https://github.com/jquery-validation/jquery-validation/pull/23713. https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d4. https://jqueryvalidation.org/#installation-via-package-managers5. https://security.netapp.com/advisory/ntap-20210219-00056. https://www.npmjs.com/package/jquery-validation7. https://www.nuget.org/packages/jquery.validation