CVE-2020-11023

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11023

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11023.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11023

Aliases

Related

Published

2020-04-29T21:15:11Z

Modified

2024-09-11T04:33:15.739273Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

References

Affected packages

Debian:11 / node-jquery

Package

Name: node-jquery
Purl: pkg:deb/debian/node-jquery?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-jquery

Package

Name: node-jquery
Purl: pkg:deb/debian/node-jquery?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / node-jquery

Package

Name: node-jquery
Purl: pkg:deb/debian/node-jquery?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / otrs2

Package

Name: otrs2
Purl: pkg:deb/debian/otrs2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.30-1

Affected versions

2.*

2.0.4p01-6

2.0.4p01-7

2.0.4p01-8

2.0.4p01-9

2.0.4p01-10

2.0.4p01-11

2.0.4p01-12

2.0.4p01-13

2.0.4p01-14

2.0.4p01-14.1

2.0.4p01-15

2.0.4p01-16

2.0.4p01-17

2.0.4p01-18

2.0.99beta1-1

2.0.99beta1-2

2.1.1-1

2.1.3-1

2.1.4-1

2.1.4-2

2.1.5-1

2.1.5-2

2.1.5-3

2.1.6-1

2.1.7-1

2.1.7-2

2.2.0~beta2-1

2.2.0~beta3-1

2.2.1-1

2.2.2-1

2.2.3-1

2.2.4-1

2.2.5-1

2.2.5-2

2.2.6-1

2.2.7-1

2.2.7-2

2.2.7-2lenny1

2.2.7-2lenny2

2.2.7-2lenny3

2.2.7-3

2.3.2-1

2.3.2-2

2.3.3-1

2.3.4-1

2.3.4-2

2.3.4-3

2.3.4-4

2.3.4-5

2.3.4-6

2.3.4-7

2.4.5-1

2.4.5-2

2.4.5-3

2.4.5-4

2.4.5-5

2.4.6-1

2.4.6-2

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7+dfsg1-1

2.4.8+dfsg1-1

2.4.9+dfsg1-1

2.4.9+dfsg1-2

2.4.9+dfsg1-3

2.4.9+dfsg1-3+squeeze1

2.4.9+dfsg1-3+squeeze3

2.4.9+dfsg1-3+squeeze4

2.4.9+dfsg1-3+squeeze5

2.4.9+dfsg1-4

2.4.9+dfsg1-5

2.4.10+dfsg1-1

2.4.10+dfsg1-2

2.4.10+dfsg1-3

3.*

3.0.8+dfsg1-1

3.0.9+dfsg1-1

3.0.10+dfsg1-1

3.0.10+dfsg1-2

3.0.11+dfsg1-1

3.1.0~beta4+dfsg1-1

3.1.0~beta5+dfsg1-1

3.1.0~rc1+dfsg1-1

3.1.1+dfsg1-1

3.1.1+dfsg1-2

3.1.2+dfsg1-1

3.1.2+dfsg1-2

3.1.2+dfsg1-3

3.1.3+dfsg1-1

3.1.3+dfsg1-2

3.1.4+dfsg1-1

3.1.5+dfsg1-1

3.1.5+dfsg1-2

3.1.5+dfsg1-3

3.1.6+dfsg1-1

3.1.7+dfsg1-1

3.1.7+dfsg1-2

3.1.7+dfsg1-3

3.1.7+dfsg1-4

3.1.7+dfsg1-5

3.1.7+dfsg1-6

3.1.7+dfsg1-7

3.1.7+dfsg1-8

3.1.8+dfsg1-1

3.1.9+dfsg1-1

3.1.10+dfsg1-1

3.1.11+dfsg1-1

3.1.12+dfsg1-1

3.1.12+dfsg1-2

3.1.12+dfsg1-3

3.2.1+dfsg1-1

3.2.2+dfsg1-1

3.2.3+dfsg1-1

3.2.4-1

3.2.5-1

3.2.6-1

3.2.6-2

3.2.7-1

3.2.7-2

3.2.8-1

3.2.9-1

3.2.9-2

3.2.10-1

3.2.10-2

3.2.11-1~bpo70+1

3.2.11-1

3.2.12-1

3.3.1-1

3.3.2-1

3.3.3-1

3.3.3-2

3.3.3-3

3.3.4-1

3.3.5-1

3.3.6-1

3.3.7-1

3.3.7-2

3.3.8-1

3.3.9-1

3.3.9-2

3.3.9-3~bpo70+1

3.3.9-3

3.3.10-1

3.3.11-1

3.3.18-1~deb7u1

3.3.18-1~deb7u2

3.3.18-1~deb7u3

4.*

4.0.5-1

4.0.5-2

4.0.6-1

4.0.7-1

4.0.7-2

4.0.8-1

4.0.9-1

4.0.10-1

4.0.11-1

4.0.12-1

4.0.13-1~bpo8+1

4.0.13-1

5.*

5.0.1-1

5.0.1-2

5.0.2-1

5.0.3-1

5.0.5-1

5.0.6-1~bpo8+1

5.0.6-1

5.0.7-1

5.0.8-1~bpo8+1

5.0.8-1

5.0.8+dfsg1-1

5.0.9+dfsg1-1

5.0.9+repack1-1

5.0.10-1~bpo8+1

5.0.10-1

5.0.11-1

5.0.12-1

5.0.13-1~bpo8+1

5.0.13-1

5.0.13-2

5.0.14-1~bpo8+1

5.0.14-1

5.0.15-1

5.0.16-1~bpo8+1

5.0.16-1

5.0.17-1

5.0.18-1

5.0.19-1

5.0.20-1

5.0.21-1~bpo9+1

5.0.21-1

5.0.22-1

5.0.23-1~bpo9+1

5.0.23-1

5.0.24-1~bpo9+1

5.0.24-1

6.*

6.0.1-1

6.0.2-1

6.0.3-1

6.0.4-1

6.0.5-1

6.0.6-1

6.0.7-1

6.0.8-1~bpo9+1

6.0.8-1

6.0.9-1~bpo9+1

6.0.9-1

6.0.10-1

6.0.11-1~bpo9+1

6.0.11-1

6.0.12-1~bpo9+1

6.0.12-1

6.0.13-1

6.0.14-1

6.0.15-1

6.0.16-1

6.0.16-2

6.0.17-1

6.0.18-1

6.0.19-1

6.0.20-1~bpo10+1

6.0.20-1

6.0.21-1

6.0.22-1

6.0.23-1

6.0.23-2

6.0.24-1~bpo10+1

6.0.24-1

6.0.25-1

6.0.25-2

6.0.25-3~bpo10+1

6.0.25-3

6.0.26-1~bpo10+1

6.0.26-1

6.0.27-1~bpo10+1

6.0.27-1

6.0.28-1~bpo10+1

6.0.28-1

6.0.28-2

6.0.29-1~bpo10+1

6.0.29-1

6.0.30-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

497914920385b7016ac9c9367e0198530787adf2

Fixed

c62d5ba13e02923cf4f6e2a7ede0d2afcaa68043

Type: GIT
Repo: https://github.com/jquery/jquery
Events: Introduced

4e3da33c59fafe34e237585743e86e24ba81046e

Fixed

7a0a850f3d41c0412609c1d32b1e602d4afe2f4e

Affected versions

7.*

7.0

7.1

7.10

7.11

7.12

7.13

7.14

7.15

7.16

7.17

7.18

7.19

7.2

7.20

7.21

7.22

7.23

7.24

7.25

7.26

7.27

7.28

7.29

7.3

7.30

7.31

7.32

7.33

7.34

7.35

7.36

7.37

7.38

7.39

7.4

7.40

7.41

7.42

7.43

7.44

7.5

7.50

7.51

7.52

7.53

7.54

7.55

7.56

7.57

7.58

7.59

7.6

7.60

7.61

7.62

7.63

7.64

7.65

7.66

7.67

7.68

7.69

7.7

7.8

7.9