NodeJS/jquery-validation/1.18.0

Client-side form validation made easy

Repo Link: https://www.npmjs.com/package/jquery-validation
License: MIT

4 Security Vulnerabilities

jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method

Published date: 2022-07-05T22:56:58Z

CVE: CVE-2022-31147

Links:

Summary

Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.

Affected versions: ["1.19.5-pre", "1.19.4", "1.19.4-pre", "1.19.3", "1.19.2", "1.19.1", "1.19.0", "1.18.0", "1.17.0", "1.16.0", "1.15.1", "1.15.0", "1.15.0-pre", "1.14.0", "1.13.1"]

Secure versions: [1.20.0, 1.20.1, 1.21.0, 1.22.0, 1.22.1]

Recommendation: Update to version 1.22.1.

Regular expression denial of service in jquery-validation

Published date: 2022-06-03T00:00:59Z

CVE: CVE-2021-43306

Links:

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

Affected versions: ["1.19.4-pre", "1.19.3", "1.19.2", "1.19.1", "1.19.0", "1.18.0", "1.17.0", "1.16.0", "1.15.1", "1.15.0", "1.15.0-pre", "1.14.0", "1.13.1"]

Secure versions: [1.20.0, 1.20.1, 1.21.0, 1.22.0, 1.22.1]

Recommendation: Update to version 1.22.1.

Regular Expression Denial of Service in jquery-validation

Published date: 2021-01-13T18:21:54Z

CVE: CVE-2021-21252

Links:

The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation.

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen).

Affected versions: ["1.19.2", "1.19.1", "1.19.0", "1.18.0", "1.17.0", "1.16.0", "1.15.1", "1.15.0", "1.15.0-pre", "1.14.0", "1.13.1"]

Secure versions: [1.20.0, 1.20.1, 1.21.0, 1.22.0, 1.22.1]

Recommendation: Update to version 1.22.1.

jquery-validation vulnerable to Cross-site Scripting

Published date: 2025-04-15T06:30:34Z

CVE: CVE-2025-3573

Links:

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Affected versions: ["1.19.5", "1.19.5-pre", "1.19.4", "1.19.4-pre", "1.19.3", "1.19.2", "1.19.1", "1.19.0", "1.18.0", "1.17.0", "1.16.0", "1.15.1", "1.15.0", "1.15.0-pre", "1.14.0", "1.13.1"]

Secure versions: [1.20.0, 1.20.1, 1.21.0, 1.22.0, 1.22.1]

Recommendation: Update to version 1.22.1.

21 Other Versions

Version	License	Security	Released
1.22.1	MIT		2026-02-18 - 12:00	3 months
1.22.0	MIT		2026-01-22 - 15:49	4 months
1.21.0	MIT		2024-07-17 - 09:45	almost 2 years
1.20.1	MIT		2024-06-13 - 13:34	almost 2 years
1.20.0	MIT		2023-10-09 - 23:15	over 2 years
1.19.5	MIT	1	2022-07-01 - 15:22	almost 4 years
1.19.5-pre	MIT	2	2022-05-19 - 15:51	almost 4 years
1.19.4	MIT	2	2022-05-19 - 15:50	almost 4 years
1.19.4-pre	MIT	3	2022-04-12 - 16:30	about 4 years
1.19.3	MIT	3	2021-01-09 - 15:55	over 5 years
1.19.2	MIT	4	2020-05-23 - 08:35	almost 6 years
1.19.1	MIT	4	2019-06-15 - 06:34	almost 7 years
1.19.0	MIT	4	2018-11-28 - 18:36	over 7 years
1.18.0	MIT	4	2018-09-09 - 18:39	over 7 years
1.17.0	MIT	4	2017-07-29 - 07:31	almost 9 years
1.16.0	MIT	4	2016-12-02 - 12:51	over 9 years
1.15.1	MIT	4	2016-07-22 - 15:51	almost 10 years
1.15.0	MIT	4	2016-02-25 - 09:02	about 10 years
1.15.0-pre	MIT	4	2016-02-25 - 08:53	about 10 years
1.14.0	MIT	4	2015-06-30 - 16:14	almost 11 years
1.13.1	MIT	4	2014-10-17 - 14:07	over 11 years