CVE-2022-23395

Опубликовано: 02 мар. 2022

Источник: debian

EPSS Низкий

Описание

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).

Пакет	Статус	Версия исправления	Релиз	Тип
jquery-goodies	unfixed			package

https://github.com/advisories/GHSA-gcx5-3p5f-f8vp
https://security.snyk.io/vuln/SNYK-UBUNTU1804-CHROMIUMBROWSER-2415268
https://github.com/js-cookie/js-cookie/issues/766
Sanitizing should be dealt with at the application level, non issue for js-cookie

EPSS

Процентиль: 36%

0.00146

Низкий

CVE-2022-23395

CVSS3: 6.1

ubuntu

почти 4 года назад

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).

CVE-2022-23395

CVSS3: 6.1

nvd

почти 4 года назад

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).

GHSA-gcx5-3p5f-f8vp

CVSS3: 6.1

github

почти 4 года назад

Prototype Pollution in jquery.cookie

EPSS

Процентиль: 36%

0.00146

Низкий