GHSA-2pqj-h3vj-pqgw

Source
https://github.com/advisories/GHSA-2pqj-h3vj-pqgw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-2pqj-h3vj-pqgw/GHSA-2pqj-h3vj-pqgw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2pqj-h3vj-pqgw
Aliases
Published
2020-09-01T16:41:46Z
Modified
2024-03-08T05:20:14.907785Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-Site Scripting in jquery
Details

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client-side code execution.

Proof of Concept

$("#log").html(
    $("element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']").html()
);
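
The following is an added illustration of the root cause described above, not jquery's own source and not part of the original advisory. The two patterns are simplified stand-ins (an assumption of this example) for an unanchored and an anchored HTML-versus-selector check; the loose one tolerates arbitrary characters before the first "<", so a selector that merely contains a tag literal is routed to the HTML parser, while the anchored one only permits leading whitespace. The constructed inputs include the advisory's PoC string.

```javascript
// Added example: how an HTML-or-selector classifier behaves with and without a
// properly anchored regular expression. The patterns are simplified stand-ins
// (assumed for this example), not a copy of jquery's source.

// Weak check: "[^#<]*" lets any run of non-'#', non-'<' characters precede the
// tag, so "element[attribute='<img ...>']" is classified as HTML.
const rHtmlLoose = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w-]*)$)/;

// Anchored check: only optional whitespace may precede the first '<'. A selector
// that embeds a tag literal inside an attribute value no longer matches the HTML
// branch and is treated as a selector instead.
const rHtmlStrict = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/;

// Returns 'html' when the HTML branch matched, 'id' for a bare "#id", and
// 'selector' for everything else.
function classify(input, pattern) {
  const m = pattern.exec(input);
  if (m && m[1] !== undefined) return 'html';
  if (m && m[2] !== undefined) return 'id';
  return 'selector';
}

function classifyLoose(input) { return classify(input, rHtmlLoose); }
function classifyStrict(input) { return classify(input, rHtmlStrict); }

// Constructed inputs: the advisory's PoC selector, an ordinary selector, a
// bare id and an ordinary HTML fragment.
const POC_SELECTOR = "element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']";
const SAMPLES = [POC_SELECTOR, 'div > p', '#log', '<div>hello'];

// Side-by-side view of both classifiers over the sample inputs.
function compare(inputs) {
  return inputs.map((s) => ({
    input: s,
    loose: classifyLoose(s),
    strict: classifyStrict(s),
  }));
}

for (const row of compare(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

The defensive takeaway is independent of the regex: when the string comes from an untrusted source, do not route it through an entry point that guesses between HTML and selectors at all. Call an explicit selector API such as `$(document).find(input)` or `document.querySelectorAll(input)`, and reserve the HTML path for markup the application itself constructed.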

Recommendation

Update to version 1.9.0 or later.

Database specific
{
    "nvd_published_at": "2018-01-18T23:29:00Z",
    "cwe_ids": [
        "CWE-64",
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:19:31Z"
}
References

Affected packages

npm / jquery

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.0

Database specific

{
    "last_known_affected_version_range": "<= 1.8.3"
}

Maven / org.webjars.npm:jquery

Package

Name
org.webjars.npm:jquery
Purl
pkg:maven/org.webjars.npm/jquery

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.0

Affected versions

1.*

1.7.2
1.7.3
1.8.2
1.8.3

Database specific

{
    "last_known_affected_version_range": "<= 1.8.3"
}

NuGet / jQuery

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.0

Affected versions

1.*

1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.7.0
1.7.1
1.7.1.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3

Database specific

{
    "last_known_affected_version_range": "<= 1.8.3"
}

RubyGems / jquery-rails

Package

Name
jquery-rails
Purl
pkg:gem/jquery-rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.0

Affected versions

0.*

0.1.1
0.1.2
0.1.3
0.2
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7

1.*

1.0.rc
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19

2.*

2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4