Candidate: CVE-2021-21252 PublicDate: 2021-01-13 19:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21252 https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171 Description: The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. Ubuntu-Description: Notes: Mitigation: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980892 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980891 Priority: medium Discovered-by: Erik Krogh Kristensen Assigned-to: CVSS: nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] Patches_civicrm: upstream_civicrm: needs-triage precise/esm_civicrm: DNE trusty_civicrm: ignored (out of standard support) trusty/esm_civicrm: DNE xenial_civicrm: ignored (end of standard support, was needed) bionic_civicrm: needed focal_civicrm: needed groovy_civicrm: ignored (reached end-of-life) hirsute_civicrm: ignored (reached end-of-life) impish_civicrm: needed jammy_civicrm: needed devel_civicrm: needed Patches_otrs2: upstream_otrs2: needs-triage precise/esm_otrs2: DNE trusty_otrs2: ignored (out of standard support) trusty/esm_otrs2: DNE xenial_otrs2: ignored (end of standard support, was needed) bionic_otrs2: needed focal_otrs2: needed groovy_otrs2: ignored (reached end-of-life) hirsute_otrs2: ignored (reached end-of-life) impish_otrs2: needed jammy_otrs2: needed devel_otrs2: needed Patches_phpmyadmin: upstream: https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171 upstream_phpmyadmin: released (4:5.0.4+dfsg2-2) precise/esm_phpmyadmin: DNE trusty_phpmyadmin: ignored (out of standard support) trusty/esm_phpmyadmin: needed xenial_phpmyadmin: ignored (end of standard support, was needed) bionic_phpmyadmin: needed focal_phpmyadmin: needed groovy_phpmyadmin: ignored (reached end-of-life) hirsute_phpmyadmin: not-affected (4:5.0.4+dfsg2-2) impish_phpmyadmin: not-affected (4:5.0.4+dfsg2-2) jammy_phpmyadmin: not-affected (4:5.0.4+dfsg2-2) devel_phpmyadmin: not-affected (4:5.0.4+dfsg2-2)