jquery.validate-1.17.0.js: 1 vulnerabilities (highest severity is: 7.5)

[mend-for-github-com]

Vulnerable Library - jquery.validate-1.17.0.js

Client-side form validation made easy

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.js

Path to vulnerable library: /samples/Clients/src/MvcCode/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/2_InteractiveAspNetCore/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/3_AspNetCoreAndApis/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Clients/src/MvcAutomaticTokenManagement/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/5_EntityFramework/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/6_AspNetIdentity/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/4_JavaScriptClient/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js

Found in HEAD commit: 2bc1b5823141d052b580a2d337a33507c6ef7e24

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in	Remediation Available
CVE-2021-21252	High	7.5	jquery.validate-1.17.0.js	Direct	jquery-validation - 1.19.3	❌

Details

CVE-2021-21252

Vulnerable Library - jquery.validate-1.17.0.js

Client-side form validation made easy

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.js

Path to vulnerable library: /samples/Clients/src/MvcCode/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/2_InteractiveAspNetCore/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/3_AspNetCoreAndApis/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Clients/src/MvcAutomaticTokenManagement/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/5_EntityFramework/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/6_AspNetIdentity/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/samples/Quickstarts/4_JavaScriptClient/src/MvcClient/wwwroot/lib/jquery-validation/dist/jquery.validate.js

Dependency Hierarchy:

• ❌ jquery.validate-1.17.0.js (Vulnerable Library)

Found in HEAD commit: 2bc1b5823141d052b580a2d337a33507c6ef7e24

Found in base branch: main

Vulnerability Details

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.

Publish Date: 2021-01-13

URL: CVE-2021-21252

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-jxwx-85vp-gvwm

Release Date: 2021-01-13

Fix Resolution: jquery-validation - 1.19.3