Home > Vulnerability Database > CVE-2022-31147

Mend.io Vulnerability Database

CVE-2022-31147

Good to know:

Date: July 14, 2022

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

Language: JS

Severity Score

7.5

Related Resources (5)

Url: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3

Url: https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31147

Url: https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5

Url: https://www.mend.io/vulnerability-database/CVE-2022-31147

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version jquery-validation - 1.19.5

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31147

Good to know:

Date: July 14, 2022

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?