CVE-2020-11022

Published: 29 Apr. 2020
Source: debian
EPSS: Low

Description

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

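Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| jquery | removed | | | package |
| jquery | fixed | 3.3.1~dfsg-3+deb10u1 | buster | package |
| jquery | not-affected | | jessie | package |
| node-jquery | fixed | 3.5.0+dfsg-2 | | package |
| node-jquery | no-dsa | | buster | package |
| drupal7 | removed | | | package |
| drupal7 | not-affected | | jessie | package |
| otrs2 | fixed | 6.0.30-1 | | package |
| otrs2 | ignored | | stretch | package |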

Notes

  • https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2

  • https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77

  • https://www.drupal.org/sa-core-2020-002

  • https://otrs.com/release-notes/otrs-security-advisory-2020-14/

EPSS

Percentile: 89%
0.04682
Low

Related vulnerabilities

CVSS3: 6.9
ubuntu
about 5 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.1
redhat
about 5 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
nvd
about 5 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
github
about 5 years ago

Potential XSS vulnerability in jQuery

CVSS3: 6.1
fstec
about 5 years ago

A vulnerability in the jQuery library related to a failure to take measures to protect the structure of a web page, allowing an attacker to affect the integrity of protected information
