Title: jquery-2.1.4.min.js: 4 vulnerabilities (highest severity is: 5.7) [master] · Issue #34 · amaybaum-dev/BenchmarkJava · GitHub
Open Graph Title: jquery-2.1.4.min.js: 4 vulnerabilities (highest severity is: 5.7) [master] · Issue #34 · amaybaum-dev/BenchmarkJava
X Title: jquery-2.1.4.min.js: 4 vulnerabilities (highest severity is: 5.7) [master] · Issue #34 · amaybaum-dev/BenchmarkJava
Description: 📂 Vulnerable Library - jquery-2.1.4.min.js JavaScript library for DOM operations Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js Path to vulnerable library: /src/main/webapp/js/jquery.min.js Findings ...
Open Graph Description: 📂 Vulnerable Library - jquery-2.1.4.min.js JavaScript library for DOM operations Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js Path to vulnerable library: /sr...
X Description: 📂 Vulnerable Library - jquery-2.1.4.min.js JavaScript library for DOM operations Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js Path to vulnerable library: /sr...
Opengraph URL: https://github.com/amaybaum-dev/BenchmarkJava/issues/34
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"jquery-2.1.4.min.js: 4 vulnerabilities (highest severity is: 5.7) [master]","articleBody":"\u003cdetails\u003e\n \u003csummary\u003e📂 Vulnerable Library - \u003cstrong\u003ejquery-2.1.4.min.js\u003c/strong\u003e\u003c/summary\u003e\n\nJavaScript library for DOM operations\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js ](https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js)\n\n\n\n**Path to vulnerable library:** /src/main/webapp/js/jquery.min.js\n\n\n\u003c/details\u003e\n\n\n# Findings\n| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | **Reachability** |\n| ------------- | ------------- | ---- | --- | ----- | ----- | ----- | --- | --- | --- |\n| [ CVE-2020-11022 ](https://www.mend.io/vulnerability-database/CVE-2020-11022) | 🟠 Medium | 5.7 | Proof of concept | 30.1% | jquery-2.1.4.min.js | Direct | org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jquery - 3.5.0,org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0 | ❌ | |\n| [ CVE-2020-11023 ](https://www.mend.io/vulnerability-database/CVE-2020-11023) | 🟠 Medium | 5.7 | Proof of concept | 27.8% | jquery-2.1.4.min.js | Direct | org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jQuery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,org.webjars.npm:jquery:3.5.0,jQuery - 3.5.0 | ❌ | |\n| [ CVE-2015-9251 ](https://www.mend.io/vulnerability-database/CVE-2015-9251) | 🟠 Medium | 5.3 | High | 10.1% | jquery-2.1.4.min.js | Direct | jquery - 3.0.0,org.webjars.npm:jquery:1.12.2,jQuery - 3.0.0,jquery-rails - 4.2.0,jquery - 1.12.2,org.webjars.npm:jquery:3.0.0,jQuery - 1.12.2,jQuery - 3.0.0,org.webjars.npm:jquery:1.12.2,org.webjars.npm:jquery:3.0.0,jquery - 3.0.0,jquery - 1.12.2,jQuery - 1.12.2,jquery-rails - 4.2.0 | ❌ | |\n| [ CVE-2019-11358 ](https://www.mend.io/vulnerability-database/CVE-2019-11358) | 🟡 Low | 2.1 | Proof of concept | 5.5% | jquery-2.1.4.min.js | Direct | org.webjars.npm:jquery:3.4.0,django - 2.2.2,jquery - 3.4.0,jquery-rails - 4.3.4,django - 2.1.9,jQuery - 3.4.0,jquery-rails - 4.3.4,django - 2.2.2,django - 2.1.9,org.webjars.npm:jquery:3.4.0,jQuery - 3.4.0,jquery - 3.4.0 | ❌ | |\n\n\n# Details\n\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2020-11022\n \u003c/summary\u003e\n\n### Vulnerable Library - **jquery-2.1.4.min.js**\n\nJavaScript library for DOM operations\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js ](https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js)\n\n\n\n**Path to vulnerable library:** /src/main/webapp/js/jquery.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **jquery-2.1.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n\n**Publish Date:** Apr 29, 2020 12:00 AM\n\n**URL:** [ CVE-2020-11022 ](https://www.mend.io/vulnerability-database/CVE-2020-11022)\n\n**Threat Assessment**\n\nExploit Maturity:Proof of concept\n\nEPSS:30.1%\n\n**Score:** 5.7\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-gxr4-xjj5-5px2\n\n**Release Date:** Apr 29, 2020 12:00 AM\n\n**Fix Resolution :** org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jquery - 3.5.0,org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2020-11023\n \u003c/summary\u003e\n\n### Vulnerable Library - **jquery-2.1.4.min.js**\n\nJavaScript library for DOM operations\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js ](https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js)\n\n\n\n**Path to vulnerable library:** /src/main/webapp/js/jquery.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **jquery-2.1.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n\n**Publish Date:** Apr 29, 2020 12:00 AM\n\n**URL:** [ CVE-2020-11023 ](https://www.mend.io/vulnerability-database/CVE-2020-11023)\n\n**Threat Assessment**\n\nExploit Maturity:Proof of concept\n\nEPSS:27.8%\n\n**Score:** 5.7\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-jpcq-cgw6-v4j6\n\n**Release Date:** Apr 29, 2020 12:00 AM\n\n**Fix Resolution :** org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jQuery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,org.webjars.npm:jquery:3.5.0,jQuery - 3.5.0\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2015-9251\n \u003c/summary\u003e\n\n### Vulnerable Library - **jquery-2.1.4.min.js**\n\nJavaScript library for DOM operations\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js ](https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js)\n\n\n\n**Path to vulnerable library:** /src/main/webapp/js/jquery.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **jquery-2.1.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\njQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n\n**Publish Date:** Jan 18, 2018 11:00 PM\n\n**URL:** [ CVE-2015-9251 ](https://www.mend.io/vulnerability-database/CVE-2015-9251)\n\n**Threat Assessment**\n\nExploit Maturity:High\n\nEPSS:10.1%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-rmxg-73gg-4p98\n\n**Release Date:** Jan 18, 2018 11:00 PM\n\n**Fix Resolution :** jquery - 3.0.0,org.webjars.npm:jquery:1.12.2,jQuery - 3.0.0,jquery-rails - 4.2.0,jquery - 1.12.2,org.webjars.npm:jquery:3.0.0,jQuery - 1.12.2,jQuery - 3.0.0,org.webjars.npm:jquery:1.12.2,org.webjars.npm:jquery:3.0.0,jquery - 3.0.0,jquery - 1.12.2,jQuery - 1.12.2,jquery-rails - 4.2.0\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟡CVE-2019-11358\n \u003c/summary\u003e\n\n### Vulnerable Library - **jquery-2.1.4.min.js**\n\nJavaScript library for DOM operations\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js ](https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js)\n\n\n\n**Path to vulnerable library:** /src/main/webapp/js/jquery.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **jquery-2.1.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\njQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.\n Mend Note: The description of this vulnerability differs from MITRE. \n\n**Publish Date:** Apr 19, 2019 12:00 AM\n\n**URL:** [ CVE-2019-11358 ](https://www.mend.io/vulnerability-database/CVE-2019-11358)\n\n**Threat Assessment**\n\nExploit Maturity:Proof of concept\n\nEPSS:5.5%\n\n**Score:** 2.1\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-6c3j-c64m-qhgq\n\n**Release Date:** Apr 19, 2019 12:00 AM\n\n**Fix Resolution :** org.webjars.npm:jquery:3.4.0,django - 2.2.2,jquery - 3.4.0,jquery-rails - 4.3.4,django - 2.1.9,jQuery - 3.4.0,jquery-rails - 4.3.4,django - 2.2.2,django - 2.1.9,org.webjars.npm:jquery:3.4.0,jQuery - 3.4.0,jquery - 3.4.0\n\n\n\u003c/details\u003e\n\n[comment]: \u003c\u003e (\u003cMEND_ISSUE_METADATA\u003e{\"identifier\":\"jquery-2.1.4.min.js\",\"repoName\":\"BenchmarkJava\",\"branchName\":\"master\",\"type\":\"SCA_DEP\"}\u003c/MEND_ISSUE_METADATA\u003e)","author":{"url":"https://github.com/mend-developer-platform-dev[bot]","@type":"Person","name":"mend-developer-platform-dev[bot]"},"datePublished":"2025-09-28T05:43:39.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/34/BenchmarkJava/issues/34"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:24aa9117-d8ec-27b8-4791-1670ea277f24 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | EBFA:188226:40730:54618:6A52AD4D |
| html-safe-nonce | 63baece91b4c1db6eb4a092da9ac4818200b42599fa9024508f6058f40a9200d |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFQkZBOjE4ODIyNjo0MDczMDo1NDYxODo2QTUyQUQ0RCIsInZpc2l0b3JfaWQiOiI4MzcxNjUxMzMzNDYwMjQxNzQxIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 408f36845a1ca90d437f517a36cfc008ac567d2ce32381f236dd93303498a5c5 |
| hovercard-subject-tag | issue:3461119518 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/amaybaum-dev/BenchmarkJava/34/issue_layout |
| twitter:image | https://opengraph.githubassets.com/23b0860eecd377124ba4b78c1f34e51a137977c15bbe6263d5e15ada06c6fd34/amaybaum-dev/BenchmarkJava/issues/34 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/23b0860eecd377124ba4b78c1f34e51a137977c15bbe6263d5e15ada06c6fd34/amaybaum-dev/BenchmarkJava/issues/34 |
| og:image:alt | 📂 Vulnerable Library - jquery-2.1.4.min.js JavaScript library for DOM operations Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js Path to vulnerable library: /sr... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | mend-developer-platform-dev[bot] |
| hostname | github.com |
| expected-hostname | github.com |
| None | b9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb |
| turbo-cache-control | no-preview |
| go-import | github.com/amaybaum-dev/BenchmarkJava git https://github.com/amaybaum-dev/BenchmarkJava.git |
| octolytics-dimension-user_id | 29013484 |
| octolytics-dimension-user_login | amaybaum-dev |
| octolytics-dimension-repository_id | 619308890 |
| octolytics-dimension-repository_nwo | amaybaum-dev/BenchmarkJava |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 33565372 |
| octolytics-dimension-repository_parent_nwo | OWASP-Benchmark/BenchmarkJava |
| octolytics-dimension-repository_network_root_id | 33565372 |
| octolytics-dimension-repository_network_root_nwo | OWASP-Benchmark/BenchmarkJava |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 07a982c1d40157c619b364352b704c3ce66bb332 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width