CVE-2020-11022

Description:
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CWE: CWE-79

CVSS score
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 6.1 (Version: 3.1)

Links:

NVD – CVE-2020-11022
CVE – CVE-2020-11022

Link (max. 20) Source Tags
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 CONFIRM Mitigation Third Party Advisory Vendor Advisory
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ MISC Release Notes Vendor Advisory
https://jquery.com/upgrade-guide/3.5/ MISC Mitigation Vendor Advisory
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77 MISC Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0006/ CONFIRM Third Party Advisory Third Party Advisory
https://www.drupal.org/sa-core-2020-002 CONFIRM Third Party Advisory
DSA-4693 DEBIAN Third Party Advisory
FEDORA-2020-11be4b36d4 FEDORA Third Party Advisory US Government Resource
FEDORA-2020-36d2db5f51 FEDORA Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html MISC Third Party Advisory
openSUSE-SU-2020:1060 SUSE Broken Link
GLSA-202007-03 GENTOO Third Party Advisory
openSUSE-SU-2020:1106 SUSE Broken Link
[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer MLIST Mailing List Third Party Advisory
FEDORA-2020-0b32a59b54 FEDORA Third Party Advisory
FEDORA-2020-fbb94073a1 FEDORA Third Party Advisory
FEDORA-2020-fe94df8c34 FEDORA Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html MISC Third Party Advisory
[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler MLIST Mailing List Third Party Advisory
[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler MLIST Mailing List Third Party Advisory

Source: NVD – CVE-2020-11022
Published: 2020-04-29T22:15Z, last modified: 2021-05-05T13:40Z