René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2020-11023 (Medium) detected in jquery-1.9.1.jar","articleBody":"## CVE-2020-11023 - Medium Severity Vulnerability\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20\u003e Vulnerable Library - \u003cb\u003ejquery-1.9.1.jar\u003c/b\u003e\u003c/summary\u003e\n\n\u003cp\u003eWebJar for jQuery\u003c/p\u003e\n\u003cp\u003eLibrary home page: \u003ca href=\"http://webjars.org\"\u003ehttp://webjars.org\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePath to dependency file: /pom.xml\u003c/p\u003e\n\u003cp\u003ePath to vulnerable library: /target/in28Minutes-first-webapp-0.0.1-SNAPSHOT/WEB-INF/lib/jquery-1.9.1.jar,/jars/jquery/1.9.1/jquery-1.9.1.jar\u003c/p\u003e\n\u003cp\u003e\n\nDependency Hierarchy:\n  - :x: **jquery-1.9.1.jar** (Vulnerable Library)\n\u003cp\u003eFound in base branch: \u003cb\u003emaster\u003c/b\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20\u003e Vulnerability Details\u003c/summary\u003e\n\u003cp\u003e  \n  \nIn jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n\n\u003cp\u003ePublish Date: 2020-04-29\n\u003cp\u003eURL: \u003ca href=https://www.mend.io/vulnerability-database/CVE-2020-11023\u003eCVE-2020-11023\u003c/a\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20\u003e CVSS 3 Score Details (\u003cb\u003e6.9\u003c/b\u003e)\u003c/summary\u003e\n\u003cp\u003e\n\nBase Score Metrics:\n- Exploitability Metrics:\n  - Attack Vector: Network\n  - Attack Complexity: High\n  - Privileges Required: None\n  - User Interaction: Required\n  - Scope: Changed\n- Impact Metrics:\n  - Confidentiality Impact: High\n  - Integrity Impact: Low\n  - Availability Impact: None\n\u003c/p\u003e\nFor more information on CVSS3 Scores, click \u003ca href=\"https://www.first.org/cvss/calculator/3.0\"\u003ehere\u003c/a\u003e.\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20\u003e Suggested Fix\u003c/summary\u003e\n\u003cp\u003e\n\n\u003cp\u003eType: Upgrade version\u003c/p\u003e\n\u003cp\u003eOrigin: \u003ca href=\"https://github.com/advisories/GHSA-jpcq-cgw6-v4j6\"\u003ehttps://github.com/advisories/GHSA-jpcq-cgw6-v4j6\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eRelease Date: 2020-04-29\u003c/p\u003e\n\u003cp\u003eFix Resolution: jquery - 3.5.0,jQuery - 3.5.0,org.webjars.npm:jquery:3.5.0,jquery-rails - 4.4.0\u003c/p\u003e\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\n***\nStep up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)","author":{"url":"https://github.com/mend-bolt-for-github[bot]","@type":"Person","name":"mend-bolt-for-github[bot]"},"datePublished":"2024-03-13T20:15:16.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/14/JavaWebApplicationStepByStep/issues/14"}