CVE-2021-43306
Regular expression denial of service in jquery-validation
EPSS 1.1%
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method.
How to fix CVE-2021-43306
To remediate CVE-2021-43306, upgrade the affected package to the fixed version listed below.
- npm/jquery-validation—upgrade to 1.19.4 or later
Is CVE-2021-43306 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.19.4
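To find installs that still fall in this range, the check below walks a parsed `package-lock.json` and reports every copy of jquery-validation older than 1.19.4, including nested transitive copies. It is an added example, not code from the advisory or the jquery-validation project; the sample lockfiles and the `forms-kit` and `demo-app` names are constructed, and pre-release suffixes are ignored as a simplification.

```javascript
// Values taken from the advisory above.
const PKG = "jquery-validation";
const FIXED = [1, 19, 4]; // first fixed version

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is below FIXED. Unparseable values (git URLs, missing
// fields) are reported too, so they get a manual look instead of a silent pass.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly the fixed version
}

// Accepts lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages" map).
function findAffected(lock) {
  const hits = [];
  const check = (name, path, meta) => {
    if (name === PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    // Keys are install paths such as "node_modules/a/node_modules/b".
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(meta.name || path.split("node_modules/").pop(), path, meta);
    }
    return hits; // v2 files also carry a legacy "dependencies" tree; skip it to avoid duplicates
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      check(name, path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not from a real project).
const sampleV3 = { lockfileVersion: 3, packages: { "": { name: "demo-app", version: "1.0.0" },
  "node_modules/jquery-validation": { version: "1.19.3" },
  "node_modules/forms-kit/node_modules/jquery-validation": { version: "1.19.5" } } };
const sampleV1 = { lockfileVersion: 1, dependencies: { "forms-kit": { version: "2.0.0",
  dependencies: { "jquery-validation": { version: "1.17.0" } } } } };
console.log(findAffected(sampleV3), findAffected(sampleV1));
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`.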