CVE-2020-11023

 

Published at: - 29-04-2020 11:15

Last modified: - 25-07-2022 08:15

Total changes: - 24

Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

 

Verification logic

 

Reference

• https://jquery.com/upgrade-guide/3.5/
• https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
• https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
• https://security.netapp.com/advisory/ntap-20200511-0006/
• https://www.drupal.org/sa-core-2020-002
• DSA-4693-Third Party Advisory
• FEDORA-2020-36d2db5f51-Third Party Advisory
• https://www.oracle.com/security-alerts/cpujul2020.html
• openSUSE-SU-2020:1060-Broken Link
• GLSA-202007-03-Third Party Advisory
• openSUSE-SU-2020:1106-Broken Link
• [hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• FEDORA-2020-0b32a59b54-Third Party Advisory
• FEDORA-2020-fbb94073a1-Third Party Advisory
• [hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)-Mailing List, Patch, Third Party Advisory
• [hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• [hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023-Mailing List, Third Party Advisory
• FEDORA-2020-fe94df8c34-Third Party Advisory
• [nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html-Mailing List, Third Party Advisory
• https://www.oracle.com/security-alerts/cpuoct2020.html
• [flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• [flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• openSUSE-SU-2020:1888-Broken Link, Mailing List, Third Party Advisory
• [flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• [felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023-Mailing List, Third Party Advisory
• [felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023-Mailing List, Third Party Advisory
• [felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023-Mailing List, Third Party Advisory
• [felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023-Mailing List, Third Party Advisory
• [felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023-Mailing List, Third Party Advisory
• [felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023-Mailing List, Third Party Advisory
• [felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)-Mailing List, Patch, Third Party Advisory
• [felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023-Mailing List, Third Party Advisory
• https://www.oracle.com/security-alerts/cpujan2021.html
• [flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• [flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• https://www.tenable.com/security/tns-2021-02
• [debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update-Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
• [flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• [flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• [flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• [flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• https://www.tenable.com/security/tns-2021-10
• https://www.oracle.com/security-alerts/cpuApr2021.html
• N/A-Patch, Third Party Advisory
• https://www.oracle.com/security-alerts/cpuoct2021.html
• [flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler-Mailing List, Third Party Advisory
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• N/A-

 

Keywords

NVD

 

CVE-2020-11023

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures