CVE-2020-11022: Cross-site Scripting

April 29, 2020 (updated November 29, 2021)

In jQuery, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery’s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code.

References

blog.jquery.com/2020/04/10/jquery-3-5-0-released/
jquery.com/upgrade-guide/3.5/
nvd.nist.gov/vuln/detail/CVE-2020-11022

Code Behaviors & Features

Detect and mitigate CVE-2020-11022 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →