CVE-2020-11023 @ Npm-jquery-3.2.1

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2020-11023) about CVE-2020-11023
**Checkmarx Project:** [AsafOrgTesting/Sast\-Sca\-Test\-Repo](https://ast-master-components.dev.cxast.net/projects/237241c8-680c-410c-b221-6975903ae1a1/overview?branch=master)
**Repository URL:** [https://github.com/AsafOrgTesting/Sast\-Sca\-Test\-Repo](https://github.com/AsafOrgTesting/Sast-Sca-Test-Repo)
**Branch:** master
**Scan ID:** [381445f1\-c79b\-4b6f\-9733\-56cc146401f9](https://ast-master-components.dev.cxast.net/projects/237241c8-680c-410c-b221-6975903ae1a1/scans?id=381445f1-c79b-4b6f-9733-56cc146401f9&branch=master)


----
In jQuery versions 1.0.3 through 3.4.1, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This vulnerability also affects jquery-rails versions through 4.3.5.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 3.5.0


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-11023 @ Npm-jquery-3.2.1 #15998

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2020-11023 @ Npm-jquery-3.2.1 #15998

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions