CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js #19

mend-bolt-for-github · 2022-02-06T06:53:29Z

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.4.1.slim.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.slim.min.js

Path to vulnerable library: /public/static/tinyfilemanager/jquery.slim.min.js

Dependency Hierarchy:

❌ jquery-3.4.1.slim.min.js (Vulnerable Library)

Found in HEAD commit: f352336da07d5fd952b4d3573ba0eab6dacdbd1d

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.9)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/202007-03

Fix Resolution: All Cacti users should upgrade to the latest version # emerge --sync # emerge --ask --oneshot --verbose >=net-analyzer/cacti-1.2.13 All Cacti Spine users should upgrade to the latest version # emerge --sync # emerge --ask --oneshot --verbose >=net-analyzer/cacti-spine-1.2.13 >=

Step up your Open Source Security Game with Mend here

mend-bolt-for-github · 2022-02-06T08:08:22Z

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-bolt-for-github · 2022-03-30T06:21:00Z

ℹ️ This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.

mend-bolt-for-github · 2025-01-24T18:34:08Z

ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Feb 6, 2022

icret added the 已经修复 already fixed label Feb 6, 2022

mend-bolt-for-github bot changed the title ~~CVE-2020-11023 (Medium) detected in jquery-3.4.1.min.js~~ CVE-2020-11023 (Medium) detected in jquery-3.4.1.min.js - autoclosed Feb 6, 2022

mend-bolt-for-github bot closed this as completed Feb 6, 2022

mend-bolt-for-github bot changed the title ~~CVE-2020-11023 (Medium) detected in jquery-3.4.1.min.js - autoclosed~~ CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js Mar 30, 2022

mend-bolt-for-github bot reopened this Mar 30, 2022

icret closed this as completed Apr 30, 2022

mend-bolt-for-github bot reopened this Jan 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js #19

CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js #19

mend-bolt-for-github bot commented Feb 6, 2022 •

edited

Loading

mend-bolt-for-github bot commented Feb 6, 2022

mend-bolt-for-github bot commented Mar 30, 2022

mend-bolt-for-github bot commented Jan 24, 2025

CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js #19

CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js #19

Comments

mend-bolt-for-github bot commented Feb 6, 2022 • edited Loading

CVE-2020-11023 - Medium Severity Vulnerability

mend-bolt-for-github bot commented Feb 6, 2022

mend-bolt-for-github bot commented Mar 30, 2022

mend-bolt-for-github bot commented Jan 24, 2025

mend-bolt-for-github bot commented Feb 6, 2022 •

edited

Loading