CVE-2020-11023 — MEDIUM (6.9)

Vulnerability Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS Score

6.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jquery	Jquery	>= 1.0.3, < 3.5.0
Debian	Debian Linux	9.0
Fedoraproject	Fedora	31
Drupal	Drupal	>= 7.0, < 7.70
Oracle	Application Express	< 20.2
Oracle	Application Testing Suite	13.3.0.1
Oracle	Banking Enterprise Collections	>= 2.7.0, <= 2.8.0
Oracle	Banking Platform	>= 2.4.0, <= 2.10.0
Oracle	Blockchain Platform	< 21.1.2
Oracle	Business Intelligence	5.9.0.0.0
Oracle	Communications Analytics	12.1.1
Oracle	Communications Eagle Application Processor	>= 16.1.0, <= 16.4.0
Oracle	Communications Element Manager	8.1.1
Oracle	Communications Interactive Session Recorder	>= 6.1, <= 6.4
Oracle	Communications Operations Monitor	>= 4.1, <= 4.3
Oracle	Communications Services Gatekeeper	7.0
Oracle	Communications Session Report Manager	8.1.1
Oracle	Communications Session Route Manager	8.1.1
Oracle	Financial Services Regulatory Reporting For De Nederlandsche Bank	8.0.4
Oracle	Financial Services Revenue Management And Billing Analytics	2.7

Related Weaknesses (CWE)

CWE-79

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.htmlBroken LinkMailing ListThird Party Advisory
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.htExploitThird Party AdvisoryVDB Entry
https://blog.jquery.com/2020/04/10/jquery-3-5-0-releasedRelease NotesVendor Advisory
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6Third Party Advisory
https://jquery.com/upgrade-guide/3.5/Release NotesVendor Advisory
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba887Issue TrackingMailing List
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148eIssue TrackingMailing List
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736Issue TrackingMailing List
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3Issue TrackingMailing List
https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583Issue TrackingMailing List
https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda18Issue TrackingMailing List
https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736babIssue TrackingMailing List
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8cIssue TrackingMailing List

FAQ

What is CVE-2020-11023?

CVE-2020-11023 is a vulnerability with a CVSS score of 6.9 (MEDIUM). In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation me...

How severe is CVE-2020-11023?

CVE-2020-11023 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11023?

Check the references section above for vendor advisories and patch information. Affected products include: Jquery Jquery, Debian Debian Linux, Fedoraproject Fedora, Drupal Drupal, Oracle Application Express.