2405 matches found
CVE-2022-31147
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
UBUNTU-CVE-2022-31147
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
CVE-2022-31147 jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
CVE-2022-31147
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
CVE-2022-31147
The vulnerability CVE-2022-31147 affects the jquery-validation plugin (npm/package jquery-validation). Versions prior to 1.19.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) in the url2 method, due to an incomplete fix for CVE-2021-43306. Impact is a potential DoS; no exploit d...
CVE-2022-31147 jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
jquery-validation security vulnerability
npm jquery-validation is npm's way of providing plug-in validation for your existing forms while making it easy to customize them to fit your application. A security vulnerability exists in jquery-validation versions prior to 1.19.5, which stems from a ReDoS that can be triggered in the...
stackexchange uses an unpatched version of jQuery < 3.4.0 which exposes it to prototype pollution
Description By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses...
GHSA-FFMH-X56J-9RC3 jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
Summary: Incomplete fix of CVE-2021-43306. An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
Summary: Incomplete fix of CVE-2021-43306. An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
@dmrvos/infrajs (>=0.0.4 <=0.0.8), @marjose/jstoolkit (>=0.0.2 <=1.0.0-beta) +10 more potentially affected by CVE-2022-31147 via jquery-validation (>=1.14.0 <=1.19.1)
jquery-validation NPM version =1.14.0, =0.0.4, =0.0.2, =0.2.2, =3.0.0, =0.11.28, =0.0.8, =1.4.0, =1.0.0, =3.0.0-prerelease.20170216T120000Z, =1.0.0, =1.0.6 - webpack-symfony-builder =1.0.0 Source cves: CVE-2022-31147 Source advisory: OSV:GHSA-FFMH-X56J-9RC3...
PT-2022-7237 · Unknown · Jquery-Validation
Name of the Vulnerable Software and Affected Versions: jquery-validation versions prior to 1.19.5 Description: The issue is related to the incorrect handling of regular expressions in the url2 method of the jQuery Validation Plugin, which can lead to a denial of service when an attacker supplies...
pcs security update
0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...
WordPress Jquery Validation For Contact Form 7 plugin <= 5.2 - Arbitrary Options Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Options Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Gibran Abdillah in WordPress Jquery Validation For Contact Form 7 plugin versions <= 5.2. Solution: Update the WordPress Jquery Validation For Contact Form 7 plugin to the latest available version at least 5.3...
Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change blog options like default_role and users_can_register via a CSRF attack PoC...
Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change blog options like default_role and users_can_register via a CSRF attack...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP5. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.2. The following 3rd party components are used by IBM Cognos Analytics: Apache Axis is a Java based Web Services engine f...
Malicious code in wm-jquery (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bec0290c986c17e81178198c358d612fb49b72f2059784595fd25dad35d719b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7195 Malicious code in wm-jquery (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bec0290c986c17e81178198c358d612fb49b72f2059784595fd25dad35d719b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7196 Malicious code in wm-jquery-shadow-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cce2934c0da39a0931ddef4e3d88c8f5afb631e708767cf3b4e98ec4dff7464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...