GHSA-2pqj-h3vj-pqgw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2pqj-h3vj-pqgw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-2pqj-h3vj-pqgw/GHSA-2pqj-h3vj-pqgw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2pqj-h3vj-pqgw
- Aliases
- Published
- 2020-09-01T16:41:46Z
- Modified
- 2024-03-08T05:20:27.482141Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-Site Scripting in jquery
- Details
-
Affected versions of
jqueryare vulnerable to cross-site scripting. This occurs because the mainjqueryfunction uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is thatjquerymay interpret HTML as selectors when given certain inputs, allowing for client side code execution.Proof of Concept
$("#log").html( $("element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']").html() );Recommendation
Update to version 1.9.0 or later.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-16011
- https://nvd.nist.gov/vuln/detail/CVE-2012-6708
- https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
- https://web.archive.org/web/20200227132049/http://www.securityfocus.com/bid/102792
- https://snyk.io/vuln/npm:jquery:20120206
- https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223
- https://research.insecurelabs.org/jquery/test
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml
- https://github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67
- https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59
- https://github.com/jquery/jquery
- https://bugs.jquery.com/ticket/9521
- https://bugs.jquery.com/ticket/6429
- https://bugs.jquery.com/ticket/12531
- https://bugs.jquery.com/ticket/11290
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
- http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html
Affected packages
npm / jquery
Package
- Name
- jquery
- View open source insights on deps.dev
- Purl
- pkg:npm/jquery
Maven / org.webjars.npm:jquery
Package
- Name
- org.webjars.npm:jquery
- View open source insights on deps.dev
- Purl
- pkg:maven/org.webjars.npm/jquery
NuGet / jQuery
Package
- Name
- jQuery
- View open source insights on deps.dev
- Purl
- pkg:nuget/jQuery
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.9.0
RubyGems / jquery-rails
Package
- Name
- jquery-rails
- Purl
- pkg:gem/jquery-rails