VulnerableCode Package Details - pkg:rpm/redhat/tbb@2020.3-8.el9_2?arch=1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/tbb@2020.3-8.el9_2?arch=1

Essentials
History (1)

purl	pkg:rpm/redhat/tbb@2020.3-8.el9_2?arch=1

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-cvxp-ctj9-guej Aliases: CVE-2020-11023 GHSA-jpcq-cgw6-v4j6	Potential XSS vulnerability in jQuery ### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:08:33.865436+00:00	RedHat Importer	Affected by	VCID-cvxp-ctj9-guej	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json	38.0.0