📂 Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Findings
| Finding |
Severity |
🎯 CVSS |
Exploit Maturity |
EPSS |
Library |
Type |
Fixed in |
Remediation Available |
Reachability |
| CVE-2020-11022 |
🟠 Medium |
5.7 |
Proof of concept |
30.1% |
jquery-3.2.1.min.js |
Direct |
org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jquery - 3.5.0,org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0 |
❌ |
|
| CVE-2020-11023 |
🟠 Medium |
5.7 |
Proof of concept |
27.8% |
jquery-3.2.1.min.js |
Direct |
org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jQuery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,org.webjars.npm:jquery:3.5.0,jQuery - 3.5.0 |
❌ |
|
| CVE-2019-11358 |
🟡 Low |
2.1 |
Proof of concept |
5.5% |
jquery-3.2.1.min.js |
Direct |
org.webjars.npm:jquery:3.4.0,django - 2.2.2,jquery - 3.4.0,jquery-rails - 4.3.4,django - 2.1.9,jQuery - 3.4.0,jquery-rails - 4.3.4,django - 2.2.2,django - 2.1.9,org.webjars.npm:jquery:3.4.0,jQuery - 3.4.0,jquery - 3.4.0 |
❌ |
|
Details
🟠CVE-2020-11022
Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
- ❌ jquery-3.2.1.min.js (Vulnerable Library)
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: Apr 29, 2020 12:00 AM
URL: CVE-2020-11022
Threat Assessment
Exploit Maturity:Proof of concept
EPSS:30.1%
Score: 5.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-gxr4-xjj5-5px2
Release Date: Apr 29, 2020 12:00 AM
Fix Resolution : org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jquery - 3.5.0,org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0
🟠CVE-2020-11023
Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
- ❌ jquery-3.2.1.min.js (Vulnerable Library)
Vulnerability Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: Apr 29, 2020 12:00 AM
URL: CVE-2020-11023
Threat Assessment
Exploit Maturity:Proof of concept
EPSS:27.8%
Score: 5.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-jpcq-cgw6-v4j6
Release Date: Apr 29, 2020 12:00 AM
Fix Resolution : org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jQuery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,org.webjars.npm:jquery:3.5.0,jQuery - 3.5.0
🟡CVE-2019-11358
Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
- ❌ jquery-3.2.1.min.js (Vulnerable Library)
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Apr 19, 2019 12:00 AM
URL: CVE-2019-11358
Threat Assessment
Exploit Maturity:Proof of concept
EPSS:5.5%
Score: 2.1
Suggested Fix
Type: Upgrade version
Origin: GHSA-6c3j-c64m-qhgq
Release Date: Apr 19, 2019 12:00 AM
Fix Resolution : org.webjars.npm:jquery:3.4.0,django - 2.2.2,jquery - 3.4.0,jquery-rails - 4.3.4,django - 2.1.9,jQuery - 3.4.0,jquery-rails - 4.3.4,django - 2.2.2,django - 2.1.9,org.webjars.npm:jquery:3.4.0,jQuery - 3.4.0,jquery - 3.4.0
📂 Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Findings
Details
🟠CVE-2020-11022
Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: Apr 29, 2020 12:00 AM
URL: CVE-2020-11022
Threat Assessment
Exploit Maturity:Proof of concept
EPSS:30.1%
Score: 5.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-gxr4-xjj5-5px2
Release Date: Apr 29, 2020 12:00 AM
Fix Resolution : org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jquery - 3.5.0,org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0
🟠CVE-2020-11023
Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Vulnerability Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: Apr 29, 2020 12:00 AM
URL: CVE-2020-11023
Threat Assessment
Exploit Maturity:Proof of concept
EPSS:27.8%
Score: 5.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-jpcq-cgw6-v4j6
Release Date: Apr 29, 2020 12:00 AM
Fix Resolution : org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jQuery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,org.webjars.npm:jquery:3.5.0,jQuery - 3.5.0
🟡CVE-2019-11358
Vulnerable Library - jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /vprofile-project3/src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Apr 19, 2019 12:00 AM
URL: CVE-2019-11358
Threat Assessment
Exploit Maturity:Proof of concept
EPSS:5.5%
Score: 2.1
Suggested Fix
Type: Upgrade version
Origin: GHSA-6c3j-c64m-qhgq
Release Date: Apr 19, 2019 12:00 AM
Fix Resolution : org.webjars.npm:jquery:3.4.0,django - 2.2.2,jquery - 3.4.0,jquery-rails - 4.3.4,django - 2.1.9,jQuery - 3.4.0,jquery-rails - 4.3.4,django - 2.2.2,django - 2.1.9,org.webjars.npm:jquery:3.4.0,jQuery - 3.4.0,jquery - 3.4.0