-
-
Notifications
You must be signed in to change notification settings - Fork 221
/
Copy pathCVE-2020-23064.yml
29 lines (28 loc) · 1.1 KB
/
CVE-2020-23064.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
---
gem: jquery-rails
framework: rails
cve: 2020-23064
ghsa: 257q-pv89-v3xv
url: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
title: jQuery Cross Site Scripting vulnerability
date: 2023-06-26
description: |
Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0
allows a remote attacker to execute arbitrary code via the
`<options>` element.
cvss_v3: 6.1
unaffected_versions:
- "< 4.1.0"
patched_versions:
- ">= 4.4.0"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2020-23064
- https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
- https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162
- https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
- https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410
- https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
- https://github.com/advisories/GHSA-257q-pv89-v3xv