CVE-2020-11023 - Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is in the KEV database since Jan. 23, 2025.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Drupal	Drupal
Fedoraproject	Fedora
Jquery	Jquery
Netapp	Active Iq Unified Manager Cloud Backup Cloud Insights Storage Workload Security Agent H300e H300e Firmware H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500e H500e Firmware H500s H500s Firmware H700e H700e Firmware H700s H700s Firmware Hci Baseboard Management Controller Max Data Oncommand Insight Oncommand System Manager Snap Creator Framework Snapcenter Server
Oracle	Application Express Application Testing Suite Banking Enterprise Collections Banking Platform Blockchain Platform Business Intelligence Communications Analytics Communications Eagle Application Processor Communications Element Manager Communications Interactive Session Recorder Communications Operations Monitor Communications Services Gatekeeper Communications Session Report Manager Communications Session Route Manager Financial Services Regulatory Reporting For De Nederlandsche Bank Financial Services Revenue Management And Billing Analytics Health Sciences Inform Healthcare Translational Research Hyperion Financial Reporting Jd Edwards Enterpriseone Orchestrator Jd Edwards Enterpriseone Tools Oss Support Tools Peoplesoft Enterprise Human Capital Management Resources Primavera Gateway Rest Data Services Siebel Mobile Storagetek Acsls Storagetek Tape Analytics Sw Tool Webcenter Sites Weblogic Server
Redhat	Amq Interconnect Ansible Tower Discovery Enterprise Linux Jboss Enterprise Application Platform Jboss Single Sign On Logging Openshift Openstack Quay Red Hat Single Sign On Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus Rhev Manager Service Mesh
Tenable	Log Correlation Engine

Configuration 1 [-]

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 5 [-]

OR	cpe:2.3:a:oracle:application_express::::::::
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_enterprise_collections::::::::
	cpe:2.3:a:oracle:banking_platform::::::::
	cpe:2.3:a:oracle:blockchain_platform::::::::
	cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*
	cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
	cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::
	cpe:2.3:a:oracle:communications_operations_monitor::::::::
	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:::::::*
	cpe:2.3:a:oracle:health_sciences_inform:6.3.0:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*
	cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:::::::*
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
	cpe:2.3:a:oracle:oss_support_tools::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:::::::*
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
	cpe:2.3:a:oracle:rest_data_services:18c::::-:::
	cpe:2.3:a:oracle:rest_data_services:19c::::-:::
	cpe:2.3:a:oracle:siebel_mobile::::::::
	cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
	cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:::::::*
	cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 14 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:::::::*
	cpe:2.3:a:netapp:hci_baseboard_management_controller:-:::::::*
	cpe:2.3:a:netapp:max_data:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
	cpe:2.3:a:netapp:snapcenter_server:-:::::::*

Configuration 15 [-]

cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
A-MQ Interconnect 1.y for RHEL 6
qpid-dispatch-0:1.13.0-3.el6_10	cpe:/a:redhat:amq_interconnect:1::el6	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 7
qpid-dispatch-0:1.13.0-3.el7	cpe:/a:redhat:amq_interconnect:1::el7	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 8
qpid-dispatch-0:1.13.0-3.el8	cpe:/a:redhat:amq_interconnect:1::el8	RHSA-2020:4211	2020-10-08T00:00:00Z
Discovery 1 for RHEL 9
discovery/discovery-server-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
discovery/discovery-ui-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
Openshift Service Mesh 1.1
kiali-0:v1.12.10.redhat2-1.el7	cpe:/a:redhat:service_mesh:1.1::el7	RHSA-2020:3369	2020-08-06T00:00:00Z
OpenShift Service Mesh 1.1
ior-0:1.1.6-1.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-0:1.1.6-1.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-cni-0:1.1.6-1.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-grafana-0:6.4.3-13.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-operator-0:1.1.6-2.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-prometheus-0:2.14.0-14.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
Red Hat Ansible Tower 3.6 for RHEL 7
ansible-tower-36/ansible-tower:3.6.7-1	cpe:/a:redhat:ansible_tower:3.6::el7	RHSA-2021:0778	2021-03-09T00:00:00Z
Red Hat Ansible Tower 3.7 for RHEL 7
ansible-tower-37/ansible-tower-rhel7:3.7.4-1	cpe:/a:redhat:ansible_tower:3.7::el7	RHSA-2020:5249	2020-11-30T00:00:00Z
Red Hat Enterprise Linux 7
pki-core-0:10.5.18-12.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:0851	2021-03-16T00:00:00Z
ipa-0:4.6.8-5.el7_9.4	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:0860	2021-03-16T00:00:00Z
pcs-0:0.9.169-3.el7_9.3	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:7343	2022-11-02T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
doxygen-1:1.8.5-3.el7_7.1	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:1256	2025-02-10T00:00:00Z
ipa-0:4.6.5-11.el7_7.5	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:1514	2025-02-17T00:00:00Z
gcc-0:4.8.5-40.el7_7	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:1580	2025-02-17T00:00:00Z
pki-core-0:10.5.16-8.el7_7	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:2426	2025-03-06T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
doxygen-1:1.8.5-4.el7_9.1	cpe:/o:redhat:rhel_els:7	RHSA-2025:1255	2025-02-10T00:00:00Z
gcc-0:4.8.5-45.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:1601	2025-02-17T00:00:00Z
Red Hat Enterprise Linux 8
pki-core:10.6-8030020200911215836.5ff1562f	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pki-deps:10.6-8030020200527165326.30b713e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
idm:client-8040020210319141812.479738cf	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:1846	2021-05-18T00:00:00Z
idm:DL1-8040020210319141752.1f8cbe47	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:1846	2021-05-18T00:00:00Z
tbb-0:2018.2-10.el8_10.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1215	2025-02-10T00:00:00Z
gcc-0:8.5.0-23.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1301	2025-02-11T00:00:00Z
gcc-toolset-13-gcc-0:13.3.1-2.2.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1306	2025-02-11T00:00:00Z
gcc-toolset-14-gcc-0:14.2.1-7.1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1338	2025-02-12T00:00:00Z
doxygen-1:1.8.14-13.el8_10	cpe:/a:redhat:enterprise_linux:8::crb	RHSA-2025:1314	2025-02-11T00:00:00Z
pcs-0:0.10.10-4.el8	cpe:/a:redhat:enterprise_linux:8::highavailability	RHSA-2021:4142	2021-11-09T00:00:00Z
gcc-0:8.5.0-23.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:1301	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tbb-0:2018.2-9.el8_2.1	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1217	2025-02-10T00:00:00Z
gcc-0:8.3.1-8.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1310	2025-02-11T00:00:00Z
idm:DL1-8020020250212111622.792f4060	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1515	2025-02-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tbb-0:2018.2-10.el8_4.1	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1212	2025-02-10T00:00:00Z
gcc-0:8.4.1-1.4.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1312	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tbb-0:2018.2-10.el8_4.1	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1212	2025-02-10T00:00:00Z
gcc-0:8.4.1-1.4.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1312	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tbb-0:2018.2-10.el8_4.1	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1212	2025-02-10T00:00:00Z
gcc-0:8.4.1-1.4.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1312	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
tbb-0:2018.2-10.el8_6.1	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1216	2025-02-10T00:00:00Z
gcc-0:8.5.0-10.4.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1308	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
tbb-0:2018.2-10.el8_6.1	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1216	2025-02-10T00:00:00Z
gcc-0:8.5.0-10.4.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1308	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
tbb-0:2018.2-10.el8_6.1	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1216	2025-02-10T00:00:00Z
gcc-0:8.5.0-10.4.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1308	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tbb-0:2018.2-10.el8_8.1	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1214	2025-02-10T00:00:00Z
gcc-0:8.5.0-18.3.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1311	2025-02-11T00:00:00Z
doxygen-1:1.8.14-13.el8_8	cpe:/a:redhat:rhel_eus:8.8::crb	RHSA-2025:1247	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 9
tbb-0:2020.3-8.el9_5.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1210	2025-02-10T00:00:00Z
gcc-toolset-14-gcc-0:14.2.1-1.3.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1300	2025-02-11T00:00:00Z
gcc-toolset-13-gcc-0:13.3.1-2.2.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1309	2025-02-11T00:00:00Z
gcc-0:11.5.0-5.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1346	2025-02-12T00:00:00Z
doxygen-1:1.9.1-12.el9_5	cpe:/a:redhat:enterprise_linux:9::crb	RHSA-2025:1329	2025-02-11T00:00:00Z
gcc-0:11.5.0-5.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:1346	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
tbb-0:2020.3-8.el9_0.1	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1213	2025-02-10T00:00:00Z
gcc-0:11.2.1-9.5.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1305	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tbb-0:2020.3-8.el9_2.1	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1209	2025-02-10T00:00:00Z
gcc-0:11.3.1-4.4.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1303	2025-02-11T00:00:00Z
doxygen-1:1.9.1-12.el9_2	cpe:/a:redhat:rhel_eus:9.2::crb	RHSA-2025:1185	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
tbb-0:2020.3-8.el9_4.1	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1211	2025-02-10T00:00:00Z
gcc-0:11.4.1-4.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1304	2025-02-11T00:00:00Z
gcc-toolset-13-gcc-0:13.3.1-2.2.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1342	2025-02-12T00:00:00Z
doxygen-1:1.9.1-12.el9_4	cpe:/a:redhat:rhel_eus:9.4::crb	RHSA-2025:1315	2025-02-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jquery	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:0556	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:0553	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:0554	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:0552	2023-01-31T00:00:00Z
Red Hat OpenShift Container Platform 4.5
openshift4/ose-console:v4.5.0-202007012112.p0	cpe:/a:redhat:openshift:4.5::el7	RHSA-2020:2412	2020-07-13T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-grafana:v4.6.0-202010061132.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
openshift4/ose-prometheus:v4.6.0-202009290409.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
Red Hat OpenStack Platform 16.1
python-XStatic-jQuery224-0:2.2.4.1-3.el8ost	cpe:/a:redhat:openstack:16.1::el8	RHSA-2020:5412	2020-12-15T00:00:00Z
Red Hat OpenStack Platform 16.2
python-django20-0:2.0.13-19.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2025:1070	2025-02-05T00:00:00Z
Red Hat Quay 3
quay/clair-rhel8:v3.13.4-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-bridge-operator-bundle:v3.13.4-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-bridge-operator-rhel8:v3.13.4-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-builder-qemu-rhcos-rhel8:v3.13.4-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-builder-rhel8:v3.13.4-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-container-security-operator-bundle:v3.13.4-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-container-security-operator-rhel8:v3.13.4-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-operator-bundle:v3.13.4-9	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-operator-rhel8:v3.13.4-3	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/quay-rhel8:v3.13.4-6	cpe:/a:redhat:quay:3::el8	RHBA-2025:1079	2025-02-24T00:00:00Z
quay/clair-rhel8:v3.9.10-3	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-bridge-operator-bundle:v3.9.10-7	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-bridge-operator-rhel8:v3.9.10-3	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-builder-qemu-rhcos-rhel8:v3.9.10-4	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-builder-rhel8:v3.9.10-7	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-container-security-operator-bundle:v3.9.10-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-container-security-operator-rhel8:v3.9.10-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-operator-bundle:v3.9.10-16	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-operator-rhel8:v3.9.10-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/quay-rhel8:v3.9.10-7	cpe:/a:redhat:quay:3::el8	RHBA-2025:1597	2025-02-24T00:00:00Z
quay/clair-rhel8:v3.12.8-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-bridge-operator-bundle:v3.12.8-3	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-bridge-operator-rhel8:v3.12.8-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-builder-qemu-rhcos-rhel8:v3.12.8-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-builder-rhel8:v3.12.8-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-container-security-operator-bundle:v3.12.8-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-container-security-operator-rhel8:v3.12.8-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-operator-bundle:v3.12.8-4	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-operator-rhel8:v3.12.8-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/quay-rhel8:v3.12.8-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1598	2025-02-24T00:00:00Z
quay/clair-rhel8:v3.11.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-bridge-operator-bundle:v3.11.9-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-bridge-operator-rhel8:v3.11.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-builder-qemu-rhcos-rhel8:v3.11.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-builder-rhel8:v3.11.9-3	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-container-security-operator-bundle:v3.11.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-container-security-operator-rhel8:v3.11.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-operator-bundle:v3.11.9-8	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-operator-rhel8:v3.11.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/quay-rhel8:v3.11.9-5	cpe:/a:redhat:quay:3::el8	RHBA-2025:1599	2025-02-24T00:00:00Z
quay/clair-rhel8:v3.10.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-bridge-operator-bundle:v3.10.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-bridge-operator-rhel8:v3.10.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-builder-qemu-rhcos-rhel8:v3.10.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-builder-rhel8:v3.10.9-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-container-security-operator-bundle:v3.10.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-container-security-operator-rhel8:v3.10.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-operator-bundle:v3.10.9-4	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-operator-rhel8:v3.10.9-1	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
quay/quay-rhel8:v3.10.9-2	cpe:/a:redhat:quay:3::el8	RHBA-2025:1600	2025-02-24T00:00:00Z
Red Hat Single Sign-On 7
keycloak-idp-jquery	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2023:1049	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.4.1
js-jquery	cpe:/a:redhat:jboss_single_sign_on:7.4	RHSA-2020:2813	2020-07-02T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:1043	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:1044	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:1045	2023-03-01T00:00:00Z
Red Hat Virtualization Engine 4.4
ovirt-engine-ui-extensions-0:1.2.2-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3247	2020-08-04T00:00:00Z
ovirt-web-ui-0:1.6.4-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3807	2020-09-23T00:00:00Z
org.ovirt.engine-root-0:4.5.2.4-1	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:6393	2022-09-08T00:00:00Z
RHOL-5.8-RHEL-8
logging-kibana6-container-v6.8.1-479	cpe:/a:redhat:logging:5.8::el8	RHSA-2025:1983	2025-03-05T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://jquery.com/upgrade-guide/3.5/
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E
https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E
https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2020-11023
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10

History

Fri, 18 Apr 2025 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat quay
CPEs		cpe:/a:redhat:quay:3::el8
Vendors & Products		Redhat quay

Fri, 04 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netapp active Iq Unified Manager Netapp cloud Backup Netapp cloud Insights Storage Workload Security Agent Netapp hci Baseboard Management Controller Oracle blockchain Platform
CPEs		cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux:: cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere:: cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows:: cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:-:::::::* cpe:2.3:a:oracle:blockchain_platform:::::::: cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*
Vendors & Products		Netapp active Iq Unified Manager Netapp cloud Backup Netapp cloud Insights Storage Workload Security Agent Netapp hci Baseboard Management Controller Oracle blockchain Platform

Thu, 06 Mar 2025 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat logging
CPEs		cpe:/a:redhat:logging:5.8::el8
Vendors & Products		Redhat logging

Thu, 13 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:9

Thu, 13 Feb 2025 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:openstack:16.2::el8 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:8.8::crb cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/o:redhat:discovery:1.0::el9 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:rhel_aus:7.7 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat discovery Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Mon, 10 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-01-23'}`

Thu, 23 Jan 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37

Thu, 23 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-04-29T00:00:00.000Z

Updated: 2025-02-10T18:30:49.172Z

Reserved: 2020-03-30T00:00:00.000Z

Link: CVE-2020-11023

Vulnrichment

Updated: 2025-01-23T21:07:47.681Z

NVD

Status : Analyzed

Published: 2020-04-29T21:15:11.743

Modified: 2025-04-04T19:53:43.140

Link: CVE-2020-11023

Redhat

Severity : Moderate

Publid Date: 2020-04-29T00:00:00Z

Links: CVE-2020-11023 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-11023", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-02-10T18:30:49.172Z", "dateReserved": "2020-03-30T00:00:00.000Z", "datePublished": "2020-04-29T00:00:00.000Z"}, "containers": {"cna": {"title": "Potential XSS vulnerability in jQuery", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-31T02:06:42.262Z"}, "descriptions": [{"lang": "en", "value": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."}], "affected": [{"vendor": "jquery", "product": "jQuery", "versions": [{"version": ">= 1.0.3, < 3.5.0", "status": "affected"}]}], "references": [{"name": "DSA-4693", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2020/dsa-4693"}, {"name": "FEDORA-2020-36d2db5f51", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://jquery.com/upgrade-guide/3.5/"}, {"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"}, {"url": "https://www.drupal.org/sa-core-2020-002"}, {"url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"}, {"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"}, {"name": "openSUSE-SU-2020:1060", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"}, {"name": "GLSA-202007-03", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202007-03"}, {"name": "openSUSE-SU-2020:1106", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"}, {"name": "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E"}, {"name": "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E"}, {"name": "FEDORA-2020-fbb94073a1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"}, {"name": "FEDORA-2020-0b32a59b54", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"}, {"name": "[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E"}, {"name": "[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E"}, {"name": "FEDORA-2020-fe94df8c34", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"}, {"name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"}, {"name": "openSUSE-SU-2020:1888", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"}, {"name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"}, {"name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"}, {"name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"url": "https://www.tenable.com/security/tns-2021-10"}, {"url": "https://www.tenable.com/security/tns-2021-02"}, {"url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "GHSA-jpcq-cgw6-v4j6", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-23T21:07:47.681Z"}, "references": [{"url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37"}, {"name": "DSA-4693", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4693"}, {"name": "FEDORA-2020-36d2db5f51", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_transferred"], "url": "https://jquery.com/upgrade-guide/3.5/"}, {"tags": ["x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"}, {"tags": ["x_transferred"], "url": "https://www.drupal.org/sa-core-2020-002"}, {"tags": ["x_transferred"], "url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"}, {"tags": ["x_transferred"], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"}, {"name": "openSUSE-SU-2020:1060", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"}, {"name": "GLSA-202007-03", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202007-03"}, {"name": "openSUSE-SU-2020:1106", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"}, {"name": "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E"}, {"name": "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E"}, {"name": "FEDORA-2020-fbb94073a1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"}, {"name": "FEDORA-2020-0b32a59b54", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"}, {"name": "[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E"}, {"name": "[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E"}, {"name": "[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E"}, {"name": "[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E"}, {"name": "FEDORA-2020-fe94df8c34", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"}, {"name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"}, {"name": "openSUSE-SU-2020:1888", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"}, {"name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E"}, {"name": "[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E"}, {"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"}, {"name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"}, {"name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_transferred"], "url": "https://www.tenable.com/security/tns-2021-10"}, {"tags": ["x_transferred"], "url": "https://www.tenable.com/security/tns-2021-02"}, {"tags": ["x_transferred"], "url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-23T18:07:17.892570Z", "id": "CVE-2020-11023", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-01-23", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11023"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T18:30:49.172Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37"}, {"url": "https://www.debian.org/security/2020/dsa-4693", "name": "DSA-4693", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", "name": "FEDORA-2020-36d2db5f51", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://jquery.com/upgrade-guide/3.5/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20200511-0006/", "tags": ["x_transferred"]}, {"url": "https://www.drupal.org/sa-core-2020-002", "tags": ["x_transferred"]}, {"url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6", "tags": ["x_transferred"]}, {"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released", "tags": ["x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "name": "openSUSE-SU-2020:1060", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202007-03", "name": "GLSA-202007-03", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "name": "openSUSE-SU-2020:1106", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E", "name": "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", "name": "FEDORA-2020-fbb94073a1", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", "name": "FEDORA-2020-0b32a59b54", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E", "name": "[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", "name": "FEDORA-2020-fe94df8c34", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "name": "openSUSE-SU-2020:1888", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E", "name": "[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2021-10", "tags": ["x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2021-02", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"]}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-23T21:07:47.681Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-11023", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-23T18:07:17.892570Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-01-23", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11023"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-23T18:07:28.808Z"}}], "cna": {"title": "Potential XSS vulnerability in jQuery", "source": {"advisory": "GHSA-jpcq-cgw6-v4j6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jquery", "product": "jQuery", "versions": [{"status": "affected", "version": ">= 1.0.3, < 3.5.0"}]}], "references": [{"url": "https://www.debian.org/security/2020/dsa-4693", "name": "DSA-4693", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", "name": "FEDORA-2020-36d2db5f51", "tags": ["vendor-advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://jquery.com/upgrade-guide/3.5/"}, {"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"}, {"url": "https://www.drupal.org/sa-core-2020-002"}, {"url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"}, {"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "name": "openSUSE-SU-2020:1060", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202007-03", "name": "GLSA-202007-03", "tags": ["vendor-advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "name": "openSUSE-SU-2020:1106", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E", "name": "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", "name": "FEDORA-2020-fbb94073a1", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", "name": "FEDORA-2020-0b32a59b54", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E", "name": "[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E", "name": "[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", "name": "FEDORA-2020-fe94df8c34", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "name": "openSUSE-SU-2020:1888", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E", "name": "[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E", "name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"url": "https://www.tenable.com/security/tns-2021-10"}, {"url": "https://www.tenable.com/security/tns-2021-02"}, {"url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-31T02:06:42.262Z"}}}, "cveMetadata": {"cveId": "CVE-2020-11023", "state": "PUBLISHED", "dateUpdated": "2025-02-10T18:30:49.172Z", "dateReserved": "2020-03-30T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2020-04-29T00:00:00.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cisaActionDue": "2025-02-13", "cisaExploitAdd": "2025-01-23", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "JQuery Cross-Site Scripting (XSS) Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "matchCriteriaId": "1888A4D3-5058-41FC-9F3B-E837CFC0505C", "versionEndExcluding": "3.5.0", "versionStartIncluding": "1.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "70C672EE-2027-4A29-8C14-3450DEF1462A", "versionEndExcluding": "7.70", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBFE42E2-6583-4EBE-B320-B8CF9CA0C3BC", "versionEndExcluding": "8.7.14", "versionStartIncluding": "8.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BA49DB0-ECC3-4155-B76C-0CA292600DE6", "versionEndExcluding": "8.8.6", "versionStartIncluding": "8.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "96FC5AC6-88AC-4C4D-8692-7489D6DE8E16", "versionEndExcluding": "20.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*", "matchCriteriaId": "660DB443-6250-4956-ABD1-C6A522B8DCCA", "versionEndIncluding": "2.8.0", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39", "versionEndIncluding": "2.10.0", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7", "versionEndExcluding": "21.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2ECE8F5F-4417-4412-B857-F1ACDEED4FC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", "matchCriteriaId": "324821D1-6A7A-4D46-A1C5-03D688F7A32A", "versionEndIncluding": "6.4", "versionStartIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9264AF8A-3819-40E5-BBCB-3B6C95A0D828", "versionEndIncluding": "4.3", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4CCE1968-016C-43C1-9EE1-FD9F978B688F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "5B5DBF4C-84BB-4537-BD8D-E10C5A4B69F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52893362-272A-4AED-9167-6613C2E86385", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1F726C6-EA5A-40FF-8809-4F48E4AE6976", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CD7C26E3-BB0D-4218-8176-319AEA2925C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD67072F-3CFC-480D-9360-81A05D523318", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "652E762A-BCDD-451E-9DE3-F1555C1E4B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0A6675A3-684B-4486-A451-C6688F1C821B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D4EF35F-B239-4820-936F-0FA51DECA8A2", "versionEndExcluding": "9.2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABEF6749-518B-4D0F-8EA6-40E9FBE4CE0B", "versionEndExcluding": "9.2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "61B4D874-CCF2-4C78-A823-69A62FA1F6C3", "versionEndExcluding": "2.12.41", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0502309-C0D6-4530-9D92-F10B3B36DE14", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CB8F81A-D028-4258-9A4F-ADEE25BE95FC", "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED", "versionEndIncluding": "17.12.7", "versionStartIncluding": "17.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF", "versionEndIncluding": "18.8.9", "versionStartIncluding": "18.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "69112C56-7747-4E11-A938-85A481529F58", "versionEndIncluding": "19.12.4", "versionStartIncluding": "19.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*", "matchCriteriaId": "C5F4C40E-3ABC-4C59-B226-224262DCFF37", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FF424F8-E15C-415D-A170-EC6450F35282", "versionEndIncluding": "20.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7737E073-B46E-456E-807C-FBEA43872A33", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "C93821CF-3117-4763-8163-DD49F6D2CA8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD1FCB0D-3E19-4461-9330-4D7F02972A35", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "E788440A-02B0-45F5-AFBC-7109F3177033", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ACF85D6-6B45-43DA-9C01-F0208186F014", "versionEndExcluding": "6.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."}, {"lang": "es", "value": "En jQuery versiones mayores o iguales a 1.0.3 y anteriores a la versi\u00f3n 3.5.0, passing HTML contiene elementos de fuentes no seguras \u2013 incluso despu\u00e9s de sanearlo \u2013 para uno de los m\u00e9todos de manipulaci\u00f3n de jQuery \u00b4s DOM ( i.e. html t(), adjunto (), y otros ) podr\u00edan ejecutar c\u00f3digos no seguros. Este problema est\u00e1 corregido en JQuery 3.5.0."}], "id": "CVE-2020-11023", "lastModified": "2025-04-04T19:53:43.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-29T21:15:11.743", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"}, {"source": "security-advisories@github.com", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://jquery.com/upgrade-guide/3.5/"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202007-03"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.debian.org/security/2020/dsa-4693"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.drupal.org/sa-core-2020-002"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-02"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://jquery.com/upgrade-guide/3.5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202007-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.debian.org/security/2020/dsa-4693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.drupal.org/sa-core-2020-002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-10"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4211", "cpe": "cpe:/a:redhat:amq_interconnect:1::el6", "package": "qpid-dispatch-0:1.13.0-3.el6_10", "product_name": "A-MQ Interconnect 1.y for RHEL 6", "release_date": "2020-10-08T00:00:00Z"}, {"advisory": "RHSA-2020:4211", "cpe": "cpe:/a:redhat:amq_interconnect:1::el7", "package": "qpid-dispatch-0:1.13.0-3.el7", "product_name": "A-MQ Interconnect 1.y for RHEL 7", "release_date": "2020-10-08T00:00:00Z"}, {"advisory": "RHSA-2020:4211", "cpe": "cpe:/a:redhat:amq_interconnect:1::el8", "package": "qpid-dispatch-0:1.13.0-3.el8", "product_name": "A-MQ Interconnect 1.y for RHEL 8", "release_date": "2020-10-08T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-server-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-ui-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el7", "package": "kiali-0:v1.12.10.redhat2-1.el7", "product_name": "Openshift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "ior-0:1.1.6-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "servicemesh-0:1.1.6-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "servicemesh-cni-0:1.1.6-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "servicemesh-grafana-0:6.4.3-13.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "servicemesh-operator-0:1.1.6-2.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "servicemesh-prometheus-0:2.14.0-14.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2021:0778", "cpe": "cpe:/a:redhat:ansible_tower:3.6::el7", "package": "ansible-tower-36/ansible-tower:3.6.7-1", "product_name": "Red Hat Ansible Tower 3.6 for RHEL 7", "release_date": "2021-03-09T00:00:00Z"}, {"advisory": "RHSA-2020:5249", "cpe": "cpe:/a:redhat:ansible_tower:3.7::el7", "package": "ansible-tower-37/ansible-tower-rhel7:3.7.4-1", "product_name": "Red Hat Ansible Tower 3.7 for RHEL 7", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2021:0851", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "pki-core-0:10.5.18-12.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0860", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ipa-0:4.6.8-5.el7_9.4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2022:7343", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "low", "package": "pcs-0:0.9.169-3.el7_9.3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2025:1256", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "doxygen-1:1.8.5-3.el7_7.1", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1514", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "ipa-0:4.6.5-11.el7_7.5", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-02-17T00:00:00Z"}, {"advisory": "RHSA-2025:1580", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "gcc-0:4.8.5-40.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-02-17T00:00:00Z"}, {"advisory": "RHSA-2025:2426", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "pki-core-0:10.5.16-8.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-03-06T00:00:00Z"}, {"advisory": "RHSA-2025:1255", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "doxygen-1:1.8.5-4.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1601", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "gcc-0:4.8.5-45.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-17T00:00:00Z"}, {"advisory": "RHSA-2020:4847", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-core:10.6-8030020200911215836.5ff1562f", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4847", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-deps:10.6-8030020200527165326.30b713e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2021:1846", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:client-8040020210319141812.479738cf", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1846", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:DL1-8040020210319141752.1f8cbe47", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2025:1215", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "tbb-0:2018.2-10.el8_10.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1301", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gcc-0:8.5.0-23.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1306", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gcc-toolset-13-gcc-0:13.3.1-2.2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1338", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gcc-toolset-14-gcc-0:14.2.1-7.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1314", "cpe": "cpe:/a:redhat:enterprise_linux:8::crb", "package": "doxygen-1:1.8.14-13.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2021:4142", "cpe": "cpe:/a:redhat:enterprise_linux:8::highavailability", "package": "pcs-0:0.10.10-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2025:1301", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gcc-0:8.5.0-23.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1217", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "tbb-0:2018.2-9.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1310", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "gcc-0:8.3.1-8.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1515", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "idm:DL1-8020020250212111622.792f4060", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-17T00:00:00Z"}, {"advisory": "RHSA-2025:1212", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "tbb-0:2018.2-10.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1312", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "gcc-0:8.4.1-1.4.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1212", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "tbb-0:2018.2-10.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1312", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "gcc-0:8.4.1-1.4.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1212", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "tbb-0:2018.2-10.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1312", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "gcc-0:8.4.1-1.4.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1216", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "tbb-0:2018.2-10.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1308", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "gcc-0:8.5.0-10.4.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1216", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "tbb-0:2018.2-10.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1308", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "gcc-0:8.5.0-10.4.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1216", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "tbb-0:2018.2-10.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1308", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "gcc-0:8.5.0-10.4.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1214", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "tbb-0:2018.2-10.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1311", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "gcc-0:8.5.0-18.3.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1247", "cpe": "cpe:/a:redhat:rhel_eus:8.8::crb", "package": "doxygen-1:1.8.14-13.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1210", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tbb-0:2020.3-8.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1300", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gcc-toolset-14-gcc-0:14.2.1-1.3.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1309", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gcc-toolset-13-gcc-0:13.3.1-2.2.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1346", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gcc-0:11.5.0-5.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1329", "cpe": "cpe:/a:redhat:enterprise_linux:9::crb", "package": "doxygen-1:1.9.1-12.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1346", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "gcc-0:11.5.0-5.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1213", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "tbb-0:2020.3-8.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1305", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "gcc-0:11.2.1-9.5.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1209", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "tbb-0:2020.3-8.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1303", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "gcc-0:11.3.1-4.4.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1185", "cpe": "cpe:/a:redhat:rhel_eus:9.2::crb", "package": "doxygen-1:1.9.1-12.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1211", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "tbb-0:2020.3-8.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1304", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "gcc-0:11.4.1-4.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1342", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "gcc-toolset-13-gcc-0:13.3.1-2.2.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1315", "cpe": "cpe:/a:redhat:rhel_eus:9.4::crb", "package": "doxygen-1:1.9.1-12.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2023:0556", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "jquery", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0553", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0554", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0552", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2020:2412", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "package": "openshift4/ose-console:v4.5.0-202007012112.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-07-13T00:00:00Z"}, {"advisory": "RHSA-2020:4298", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-grafana:v4.6.0-202010061132.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2020:4298", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-prometheus:v4.6.0-202009290409.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2020:5412", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "python-XStatic-jQuery224-0:2.2.4.1-3.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2020-12-15T00:00:00Z"}, {"advisory": "RHSA-2025:1070", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "python-django20-0:2.0.13-19.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/clair-rhel8:v3.13.4-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-bundle:v3.13.4-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-rhel8:v3.13.4-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-qemu-rhcos-rhel8:v3.13.4-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-rhel8:v3.13.4-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-bundle:v3.13.4-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-rhel8:v3.13.4-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-bundle:v3.13.4-9", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-rhel8:v3.13.4-3", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1079", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-rhel8:v3.13.4-6", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/clair-rhel8:v3.9.10-3", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-bundle:v3.9.10-7", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-rhel8:v3.9.10-3", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-qemu-rhcos-rhel8:v3.9.10-4", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-rhel8:v3.9.10-7", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-bundle:v3.9.10-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-rhel8:v3.9.10-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-bundle:v3.9.10-16", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-rhel8:v3.9.10-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1597", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-rhel8:v3.9.10-7", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/clair-rhel8:v3.12.8-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-bundle:v3.12.8-3", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-rhel8:v3.12.8-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-qemu-rhcos-rhel8:v3.12.8-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-rhel8:v3.12.8-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-bundle:v3.12.8-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-rhel8:v3.12.8-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-bundle:v3.12.8-4", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-rhel8:v3.12.8-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1598", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-rhel8:v3.12.8-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/clair-rhel8:v3.11.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-bundle:v3.11.9-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-rhel8:v3.11.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-qemu-rhcos-rhel8:v3.11.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-rhel8:v3.11.9-3", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-bundle:v3.11.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-rhel8:v3.11.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-bundle:v3.11.9-8", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-rhel8:v3.11.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1599", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-rhel8:v3.11.9-5", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/clair-rhel8:v3.10.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-bundle:v3.10.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-bridge-operator-rhel8:v3.10.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-qemu-rhcos-rhel8:v3.10.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-builder-rhel8:v3.10.9-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-bundle:v3.10.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-container-security-operator-rhel8:v3.10.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-bundle:v3.10.9-4", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-operator-rhel8:v3.10.9-1", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHBA-2025:1600", "cpe": "cpe:/a:redhat:quay:3::el8", "package": "quay/quay-rhel8:v3.10.9-2", "product_name": "Red Hat Quay 3", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHSA-2023:1049", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "keycloak-idp-jquery", "product_name": "Red Hat Single Sign-On 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2020:2813", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4", "package": "js-jquery", "product_name": "Red Hat Single Sign-On 7.4.1", "release_date": "2020-07-02T00:00:00Z"}, {"advisory": "RHSA-2023:1043", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1044", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1045", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2020:3247", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "ovirt-engine-ui-extensions-0:1.2.2-1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2020-08-04T00:00:00Z"}, {"advisory": "RHSA-2020:3807", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "ovirt-web-ui-0:1.6.4-1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2020-09-23T00:00:00Z"}, {"advisory": "RHSA-2022:6393", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "org.ovirt.engine-root-0:4.5.2.4-1", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-09-08T00:00:00Z"}, {"advisory": "RHSA-2025:1983", "cpe": "cpe:/a:redhat:logging:5.8::el8", "package": "logging-kibana6-container-v6.8.1-479", "product_name": "RHOL-5.8-RHEL-8", "release_date": "2025-03-05T00:00:00Z"}], "bugzilla": {"description": "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", "id": "1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"}, "csaw": true, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2020-11023", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Out of support scope", "package_name": "cfme-gemset", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "jquery", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Not affected", "package_name": "org.webjars/jquery", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Not affected", "package_name": "io.hawt-project", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Not affected", "package_name": "org.webjars/jquery", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "grafana", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "grafana-container", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Out of support scope", "package_name": "rhceph/rhceph-4-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:certificate_system:10", "fix_state": "Not affected", "package_name": "redhat-pki:10/redhat-pki", "product_name": "Red Hat Certificate System 10"}, {"cpe": "cpe:/a:redhat:certifications:1::el7", "fix_state": "Not affected", "package_name": "python-testtools", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:certifications:1::el7", "fix_state": "Not affected", "package_name": "redhat-certification", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "org.webjars/jquery", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "cockpit-session-recording", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "dogtag-pki", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "doxygen", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "mingw-gcc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "mpdecimal", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-gcc-295", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-gcc-296", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "doxygen", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ipa", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "pcp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python-coverage", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python-weberror", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "cockpit", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-gcc-44", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pcp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "publican", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python-coverage", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cmake", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit-appstream", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit-session-recording", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "llvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mingw-gcc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mpdecimal", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-coverage", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-docs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-jinja2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-pygments", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-sphinx", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-sqlalchemy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-virtualenv", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "cockpit-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "cockpit-session-recording", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "mingw-gcc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "mpdecimal", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pki-core", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python-sphinx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "io.apicurio-apicurito", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "io.hawt-hawtio-integration", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "io.hawt-hawtio-online", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "io.hawt-project", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "io.syndesis-syndesis-parent", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "io.syndesis-syndesis-ui", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "jquery", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "org.infinispan-infinispan-management-console", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "org.webjars/jquery", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "io.hawt-project", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "org.webjars/jquery", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "io.hawt-project", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.webjars/jquery", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "io.hawt-project", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.webjars/jquery", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift-web-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/grafana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "python-coverage", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "python-testtools", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "python-XStatic-jQuery", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "python-XStatic-jQuery", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Out of support scope", "package_name": "python-XStatic-jQuery", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "qpid-dispatch", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Not affected", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Not affected", "package_name": "python-pygraphviz", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Not affected", "package_name": "python-testtools", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Not affected", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Not affected", "package_name": "python-testtools", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "org.kie-process-migration-service", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "org.webjars/jquery", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Out of support scope", "package_name": "python27-python-coverage", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Out of support scope", "package_name": "python27-python-werkzeug", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Out of support scope", "package_name": "rh-python35-python-coverage", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Out of support scope", "package_name": "rh-python36-python-coverage", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Out of support scope", "package_name": "rh-ror42-rubygem-jquery-rails", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Out of support scope", "package_name": "rh-ror50-rubygem-jquery-rails", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "grafana", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "pcs", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "python-django", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "python-testtools", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "ovirt-engine", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "ovirt-engine-api-explorer", "product_name": "Red Hat Virtualization 4"}], "public_date": "2020-04-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-11023\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11023\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nStatic code analysis controls ensure that security flaws, including XSS vulnerabilities, are detected early in development by scanning code for improper input handling. This prevents vulnerable code from reaching production and encourages our developers to follow secure coding practices. System monitoring controls play a crucial role in detecting and responding to XSS attacks by analyzing logs, monitoring user behavior, and generating alerts for suspicious activity. Meanwhile, AWS WAF (Web Application Firewall) adds an extra layer of defense by filtering and blocking malicious input before it reaches the platform and/or application. Together, these controls create a defense-in-depth approach, reducing the risk of XSS exploitation by preventing, detecting, and mitigating attacks at multiple levels.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object