{"id":"CVE-2021-21252","details":"The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package \"jquery-validation\". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.","aliases":["GHSA-jxwx-85vp-gvwm"],"modified":"2026-04-10T04:29:35.255101Z","published":"2021-01-13T19:15:17.183Z","related":["GHSA-jxwx-85vp-gvwm"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"},{"type":"ADVISORY","url":"https://www.npmjs.com/package/jquery-validation"},{"type":"ADVISORY","url":"https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210219-0005/"},{"type":"FIX","url":"https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d"},{"type":"FIX","url":"https://github.com/jquery-validation/jquery-validation/pull/2371"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jquery-validation/jquery-validation","events":[{"introduced":"0"},{"fixed":"45b9e2857ba024514f9a46083009f25a94c17e3e"},{"fixed":"5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.19.3"}]}}],"versions":["1.10.0","1.11.0","1.11.1","1.6.0","1.7.0","1.8.0","1.8.0pre","1.8.1","1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21252.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}