CVE-2021-21252: Regular expression denial of service in jquery-validation
First published: Wed Jan 13 2021(Updated: )
The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation. The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service) This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen).
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nuget/jQuery.Validation | <1.19.3 | 1.19.3 |
| npm/jquery-validation | <1.19.3 | 1.19.3 |
| JQuery Validation Plugin | <1.19.3 | |
| NetApp SnapCenter |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
- https://github.com/jquery-validation/jquery-validation/pull/2371
- https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d
- https://www.npmjs.com/package/jquery-validation
- https://nvd.nist.gov/vuln/detail/CVE-2021-21252
- https://security.netapp.com/advisory/ntap-20210219-0005/
- https://jqueryvalidation.org/#installation-via-package-managers
- https://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation/
- https://www.nuget.org/packages/jquery.validation
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://github.com/advisories/GHSA-jxwx-85vp-gvwm (Advisory)
Frequently Asked Questions
What is the severity of CVE-2021-21252?
CVE-2021-21252 has a moderate severity level due to its potential for Regular Expression Denial of Service (ReDoS) attacks.
How do I fix CVE-2021-21252?
To fix CVE-2021-21252, upgrade to jQuery.Validation version 1.19.3 or later.
What software is affected by CVE-2021-21252?
CVE-2021-21252 affects jQuery.Validation versions prior to 1.19.3, as well as related packages in npm and NuGet.
When was CVE-2021-21252 discovered?
CVE-2021-21252 was reported by the GitHub Security Lab team aiming to raise awareness of vulnerabilities in jQuery.Validation.
What type of vulnerability is CVE-2021-21252?
CVE-2021-21252 is a Regular Expression Denial of Service (ReDoS) vulnerability.
- collector/github-advisory-latest
- alias/GHSA-jxwx-85vp-gvwm
- alias/CVE-2021-21252
- collector/github-advisory
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- package-manager/nuget
- package-manager/npm
- vendor/jqueryvalidation
- canonical/jquery validation plugin
- vendor/netapp
- canonical/netapp snapcenter