CVE-2020-23064: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element.
References
- blog.jquery.com/2020/04/10/jquery-3-5-0-released/
- github.com/advisories/GHSA-257q-pv89-v3xv
- github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
- github.com/rails/jquery-rails/blob/master/CHANGELOG.md
- github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js
- github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js
- github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml
- nvd.nist.gov/vuln/detail/CVE-2020-23064
- snyk.io/vuln/SNYK-JS-JQUERY-565129
Detect and mitigate CVE-2020-23064 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.
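The affected range given in the description (2.2.0 through 3.x before 3.5.0) can also be checked against copies of jQuery that are checked into a repository, such as the `jquery3.js` file referenced above. The following is an added example, not code from GitLab, jQuery or jquery-rails; the function names are hypothetical, the file contents are constructed samples, and it assumes each copy still carries jQuery's standard version banner.

```javascript
// Added example: classify vendored jQuery files against the advisory's range
// by reading the version from the banner comment at the top of the file.

// Matches both banner styles: minified ("/*! jQuery v3.4.1 | ...") and
// unminified (" * jQuery JavaScript Library v3.4.1").
// Pre-release suffixes after the patch number are ignored.
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/;

const FIRST_AFFECTED = [2, 2, 0]; // lower bound from the advisory (inclusive)
const FIRST_FIXED = [3, 5, 0];    // upper bound from the advisory (exclusive)

function parseJqueryVersion(source) {
  // The banner is the first comment, so only the head of the file is searched.
  const m = BANNER.exec(source.slice(0, 512));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return compareVersions(version, FIRST_AFFECTED) >= 0 &&
         compareVersions(version, FIRST_FIXED) < 0;
}

function auditFiles(files) {
  return Object.entries(files).map(([path, source]) => {
    const v = parseJqueryVersion(source);
    // A stripped banner is reported as "unknown", never as clean.
    if (!v) return { path, version: null, status: "unknown" };
    const status = isAffected(v) ? "affected" : "not-affected";
    return { path, version: v.join("."), status };
  });
}

// Constructed sample input: path -> first bytes of the file.
const SAMPLE_FILES = {
  "vendor/assets/javascripts/jquery3.js":
    "/*!\n * jQuery JavaScript Library v3.4.1\n * https://jquery.com/\n */\n",
  "public/js/jquery.min.js":
    "/*! jQuery v3.5.0 | (c) JS Foundation and other contributors */\n",
  "legacy/jquery.min.js": "/*! jQuery v1.12.4 | (c) jQuery Foundation */\n",
  "public/js/bundle.js": "!function(e,t){/* banner stripped by bundler */}();\n",
};

console.log(auditFiles(SAMPLE_FILES));
```

Files reported as `unknown` need manual review, since bundlers and minifiers often remove the banner.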