{
"CVE_data_meta" : {
"ASSIGNER" : "security-advisories@github.com" ,
"ID" : "CVE-2020-11023" ,
"STATE" : "PUBLIC" ,
"TITLE" : "Potential XSS vulnerability in jQuery"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "jQuery" ,
"version" : {
"version_data" : [
{
"version_value" : ">= 1.0.3, < 3.5.0"
}
]
}
}
]
} ,
"vendor_name" : "jquery"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
}
]
} ,
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.9 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "LOW" ,
"privilegesRequired" : "NONE" ,
"scope" : "CHANGED" ,
"userInteraction" : "REQUIRED" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" ,
"version" : "3.1"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "DEBIAN" ,
"name" : "DSA-4693" ,
"url" : "https://www.debian.org/security/2020/dsa-4693"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2020-36d2db5f51" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpujul2020.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpujul2020.html"
} ,
{
"name" : "https://jquery.com/upgrade-guide/3.5/" ,
"refsource" : "MISC" ,
"url" : "https://jquery.com/upgrade-guide/3.5/"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://security.netapp.com/advisory/ntap-20200511-0006/" ,
"url" : "https://security.netapp.com/advisory/ntap-20200511-0006/"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.drupal.org/sa-core-2020-002" ,
"url" : "https://www.drupal.org/sa-core-2020-002"
} ,
{
"name" : "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6" ,
"refsource" : "CONFIRM" ,
"url" : "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"
} ,
{
"name" : "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released" ,
"refsource" : "MISC" ,
"url" : "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
} ,
{
"refsource" : "SUSE" ,
"name" : "openSUSE-SU-2020:1060" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
} ,
{
"refsource" : "GENTOO" ,
"name" : "GLSA-202007-03" ,
"url" : "https://security.gentoo.org/glsa/202007-03"
} ,
{
"refsource" : "SUSE" ,
"name" : "openSUSE-SU-2020:1106" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023" ,
"url" : "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E"
}
]
} ,
"source" : {
"advisory" : "GHSA-jpcq-cgw6-v4j6" ,
"discovery" : "UNKNOWN"
}
}