CVE-2020-11023

Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Related CPE's

ajqueryjquery********

odebiandebian_linux9.0*******

ofedoraprojectfedora31*******

ofedoraprojectfedora32*******

ofedoraprojectfedora33*******

adrupaldrupal********

adrupaldrupal********

adrupaldrupal********

aoracleweblogic_server12.1.3.0.0*******

aoraclehyperion_financial_reporting11.1.2.4*******

References

https://jquery.com/upgrade-guide/3.5/

Release NotesVendor Advisory

https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

Third Party Advisory

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Release NotesVendor Advisory

https://security.netapp.com/advisory/ntap-20200511-0006/

Third Party Advisory

https://www.drupal.org/sa-core-2020-002

Third Party Advisory

DSA-4693

Third Party Advisory

FEDORA-2020-36d2db5f51

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Third Party Advisory

openSUSE-SU-2020:1060

Broken Link

GLSA-202007-03

Third Party Advisory

openSUSE-SU-2020:1106

Broken Link

[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

FEDORA-2020-0b32a59b54

Third Party Advisory

FEDORA-2020-fbb94073a1

Third Party Advisory

[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)

Mailing ListPatchThird Party Advisory

[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023

Mailing ListThird Party Advisory

FEDORA-2020-fe94df8c34

Third Party Advisory

[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Third Party Advisory

[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

openSUSE-SU-2020:1888

Broken LinkMailing ListThird Party Advisory

[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023

Mailing ListThird Party Advisory

[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023

Mailing ListThird Party Advisory

[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023

Mailing ListThird Party Advisory

[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023

Mailing ListThird Party Advisory

[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023

Mailing ListThird Party Advisory

[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023

Mailing ListThird Party Advisory

[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)

Mailing ListPatchThird Party Advisory

[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

Third Party Advisory

[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

https://www.tenable.com/security/tns-2021-02

Third Party Advisory

[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

https://www.tenable.com/security/tns-2021-10

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

PatchThird Party Advisory

N/A

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

PatchThird Party Advisory

[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

N/A

Third Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

REQUIRED

Scope

CHANGED

ConfidentialityImpact

LOW

IntegrityImpact

LOW

AvailabilityImpact

NONE

BaseScore

6.1

BaseSeverity

MEDIUM

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io