Lucene search

GitHub Advisory DatabaseGHSA-257Q-PV89-V3XV

HistoryJun 26, 2023 - 9:30 p.m.

jQuery Cross Site Scripting vulnerability

2023-06-2621:30:58

CWE-79

GitHub Advisory Database

github.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

48.5%

JSON

Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.

CPENameOperatorVersion
org.webjars.npm:jqueryge1.0.3
org.webjars.npm:jquerylt3.5.0
jqueryge1.0.3
jquerylt3.5.0
jquery-railslt4.4.0
jqueryge1.0.3
jquerylt3.5.0

Name	Operator	Version
org.webjars.npm:jquery	ge	1.0.3
org.webjars.npm:jquery	lt	3.5.0
jquery	ge	1.0.3
jquery	lt	3.5.0
jquery-rails	lt	4.4.0
jquery	ge	1.0.3
jquery	lt	3.5.0

References

blog.jquery.com/2020/04/10/jquery-3-5-0-released

github.com/advisories/GHSA-257q-pv89-v3xv

github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77

github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410

github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979

github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162

github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml

nvd.nist.gov/vuln/detail/CVE-2020-23064

security.netapp.com/advisory/ntap-20230725-0003

snyk.io/vuln/SNYK-JS-JQUERY-565129

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for GHSA-257Q-PV89-V3XV