CVE-2020-11023

critical-risk
Published 2020-04-29

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Do I need to act?

!
36.3% chance of exploitation in next 30 days
EPSS score — higher than 64% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
49767
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.9/10 Medium
NETWORK / HIGH complexity

Affected Products (20)

Communications Eagle Application Processor

Affected Vendors

Debian Oracle Drupal Fedoraproject Jquery Netapp Tenable

References (132)

Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
Exploit http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.ht...
Release Notes https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Third Party Advisory https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
Release Notes https://jquery.com/upgrade-guide/3.5/
Issue Tracking https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba887...
Issue Tracking https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e...
Issue Tracking https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736...
Issue Tracking https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3...
Issue Tracking https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583...
Issue Tracking https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda18...
Issue Tracking https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736bab...
Issue Tracking https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c...
Issue Tracking https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae...
Issue Tracking https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dc...
Issue Tracking https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb...
Issue Tracking https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2...
Issue Tracking https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342...
and 112 more references
72
/ 100
critical-risk
Severity 21/34 · High
Exploitability 23/34 · High
Exposure 28/34 · Critical