VulnerableCode Package Details - pkg:rpm/redhat/pcs@0.10.10-4?arch=el8

Search for packages

Vulnerability	Summary	Fixed by
VCID-3s9f-prpy-hbcx Aliases: CVE-2019-11358 GHSA-6c3j-c64m-qhgq	Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`	There are no reported fixed by versions.
VCID-cvxp-ctj9-guej Aliases: CVE-2020-11023 GHSA-jpcq-cgw6-v4j6	Potential XSS vulnerability in jQuery ### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.	There are no reported fixed by versions.
VCID-dakh-ccnn-xfan Aliases: CVE-2020-7656 GHSA-q4m3-2j7h-f7xw	Cross-Site Scripting in jquery Versions of `jquery` prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove `<script>` HTML tags that contain a whitespace character, i.e: `</script >`, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser. ## Recommendation Upgrade to version 1.9.0 or later.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3s9f-prpy-hbcx
Aliases:
CVE-2019-11358
GHSA-6c3j-c64m-qhgq

Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`

There are no reported fixed by versions.

VCID-cvxp-ctj9-guej
Aliases:
CVE-2020-11023
GHSA-jpcq-cgw6-v4j6

Potential XSS vulnerability in jQuery ### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.

There are no reported fixed by versions.

VCID-dakh-ccnn-xfan
Aliases:
CVE-2020-7656
GHSA-q4m3-2j7h-f7xw

Cross-Site Scripting in jquery Versions of `jquery` prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove `<script>` HTML tags that contain a whitespace character, i.e: `</script >`, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser. ## Recommendation Upgrade to version 1.9.0 or later.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:20:40.171704+00:00	RedHat Importer	Affected by	VCID-3s9f-prpy-hbcx	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json	38.0.0
2026-04-01T14:08:31.979676+00:00	RedHat Importer	Affected by	VCID-cvxp-ctj9-guej	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json	38.0.0
2026-04-01T14:07:04.434552+00:00	RedHat Importer	Affected by	VCID-dakh-ccnn-xfan	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7656.json	38.0.0