CVE-2022-31147

HIGH

jQuery Validation Plugin <1.19.5 - DoS

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31147. PoCs published by amhar-hckr.

AI-analyzed exploit summary: This repository contains a functional Python PoC for CVE-2022-31147, a path traversal vulnerability in the matthiasmullie/minify library. The script automates testing with various traversal payloads and heuristics to detect arbitrary file read vulnerabilities on both Linux and Windows systems.

Description

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

Exploits (1)

nomisec WORKING POC
by amhar-hckr · poc
https://github.com/amhar-hckr/Webapp_Pentast

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: matthiasmullie/minify (versions affected by CVE-2022-31147)
No auth needed
Prerequisites: Access to the vulnerable minify endpoint · Knowledge of target file paths
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0031
EPSS Percentile 54.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-1333
Status published
Products (2)
jqueryvalidation/jquery_validation < 1.19.5
npm/jquery-validation 0 - 1.19.5 (npm)
Published Jul 14, 2022
Tracked Since Feb 18, 2026