Search for packages
Package details: pkg:deb/debian/jquery@1.4.2-2
purl pkg:deb/debian/jquery@1.4.2-2
Next non-vulnerable version 3.3.1~dfsg-3+deb10u1
Latest non-vulnerable version 3.3.1~dfsg-3+deb10u1
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-3tdt-b5tc-aaak
Aliases:
CVE-2015-9251
GHSA-rmxg-73gg-4p98
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
3.1.1-2
Affected by 3 other vulnerabilities.
VCID-7dbv-wt1s-aaak
Aliases:
CVE-2020-7656
GHSA-q4m3-2j7h-f7xw
JQuery allows Cross-site Scripting attacks via the `load` method. The `load` method fails to recognize and remove `<script>` HTML tags that contain a whitespace character such as `</script >`.
3.1.1-2
Affected by 3 other vulnerabilities.
VCID-fhgh-jkwa-aaah
Aliases:
CVE-2020-11023
GHSA-jpcq-cgw6-v4j6
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
3.3.1~dfsg-3+deb10u1
Affected by 0 other vulnerabilities.
VCID-kkd1-e4k1-aaam
Aliases:
CVE-2020-11022
GHSA-gxr4-xjj5-5px2
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
3.3.1~dfsg-3+deb10u1
Affected by 0 other vulnerabilities.
VCID-q1qe-zr6p-aaap
Aliases:
CVE-2012-6708
GHSA-2pqj-h3vj-pqgw
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
1.11.3+dfsg-4~bpo8+1
Affected by 5 other vulnerabilities.
VCID-s9gd-bwju-aaas
Aliases:
CVE-2011-4969
GHSA-579v-mp3v-rrw5
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
1.7.2+dfsg-1
Affected by 6 other vulnerabilities.
VCID-tv97-anfg-aaam
Aliases:
CVE-2019-11358
GHSA-6c3j-c64m-qhgq
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
3.3.1~dfsg-3
Affected by 2 other vulnerabilities.
VCID-y1nr-y1pj-aaaf
Aliases:
CVE-2014-6071
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
1.7.2+dfsg-1
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:53:48.752968+00:00 Debian Oval Importer Affected by VCID-y1nr-y1pj-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:39:51.643732+00:00 Debian Oval Importer Affected by VCID-7dbv-wt1s-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:43:26.896716+00:00 Debian Oval Importer Affected by VCID-q1qe-zr6p-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:09:06.116407+00:00 Debian Oval Importer Affected by VCID-3tdt-b5tc-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:47:43.011648+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:21:02.746632+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:59:15.517095+00:00 Debian Oval Importer Affected by VCID-tv97-anfg-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:53:08.156356+00:00 Debian Oval Importer Affected by VCID-s9gd-bwju-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:54:39.403745+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah None 36.1.3
2025-06-21T00:21:30.619692+00:00 Debian Oval Importer Affected by VCID-s9gd-bwju-aaas None 36.1.3
2025-06-20T22:54:19.799856+00:00 Debian Oval Importer Affected by VCID-3tdt-b5tc-aaak None 36.1.3
2025-06-20T22:54:10.248784+00:00 Debian Oval Importer Affected by VCID-tv97-anfg-aaam None 36.1.3
2025-06-20T21:53:41.887066+00:00 Debian Oval Importer Affected by VCID-7dbv-wt1s-aaak None 36.1.3
2025-06-20T21:23:09.941424+00:00 Debian Oval Importer Affected by VCID-q1qe-zr6p-aaap None 36.1.3
2025-06-20T20:56:12.769676+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam None 36.1.3
2025-06-20T20:28:53.516058+00:00 Debian Oval Importer Affected by VCID-y1nr-y1pj-aaaf None 36.1.3
2025-06-08T10:25:38.269430+00:00 Debian Oval Importer Affected by VCID-y1nr-y1pj-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:25:23.373238+00:00 Debian Oval Importer Affected by VCID-7dbv-wt1s-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:37:18.387109+00:00 Debian Oval Importer Affected by VCID-q1qe-zr6p-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:02:41.939003+00:00 Debian Oval Importer Affected by VCID-3tdt-b5tc-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:41:05.622868+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:14:10.398149+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:54:12.588443+00:00 Debian Oval Importer Affected by VCID-tv97-anfg-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:48:06.722525+00:00 Debian Oval Importer Affected by VCID-s9gd-bwju-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:17:00.464189+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah None 36.1.0
2025-06-07T17:44:24.482121+00:00 Debian Oval Importer Affected by VCID-s9gd-bwju-aaas None 36.1.0
2025-06-07T16:17:38.538796+00:00 Debian Oval Importer Affected by VCID-3tdt-b5tc-aaak None 36.1.0
2025-06-07T16:17:29.411318+00:00 Debian Oval Importer Affected by VCID-tv97-anfg-aaam None 36.1.0
2025-06-07T15:17:03.199072+00:00 Debian Oval Importer Affected by VCID-7dbv-wt1s-aaak None 36.1.0
2025-06-07T14:46:26.971616+00:00 Debian Oval Importer Affected by VCID-q1qe-zr6p-aaap None 36.1.0
2025-06-07T14:24:15.588037+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam None 36.1.0
2025-06-07T14:02:55.885458+00:00 Debian Oval Importer Affected by VCID-y1nr-y1pj-aaaf None 36.1.0
2025-04-12T16:06:44.131449+00:00 Debian Oval Importer Affected by VCID-y1nr-y1pj-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:57:42.418312+00:00 Debian Oval Importer Affected by VCID-7dbv-wt1s-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:08:47.438819+00:00 Debian Oval Importer Affected by VCID-q1qe-zr6p-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:34:54.306237+00:00 Debian Oval Importer Affected by VCID-3tdt-b5tc-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:13:33.469936+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:46:43.584977+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:26:04.356993+00:00 Debian Oval Importer Affected by VCID-tv97-anfg-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:19:52.433480+00:00 Debian Oval Importer Affected by VCID-s9gd-bwju-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:54:30.846792+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah None 36.0.0
2025-04-07T16:20:34.954128+00:00 Debian Oval Importer Affected by VCID-s9gd-bwju-aaas None 36.0.0
2025-04-07T14:49:12.231397+00:00 Debian Oval Importer Affected by VCID-3tdt-b5tc-aaak None 36.0.0
2025-04-07T14:49:02.409675+00:00 Debian Oval Importer Affected by VCID-tv97-anfg-aaam None 36.0.0
2025-04-07T13:48:34.116494+00:00 Debian Oval Importer Affected by VCID-7dbv-wt1s-aaak None 36.0.0
2025-04-07T13:18:26.334552+00:00 Debian Oval Importer Affected by VCID-q1qe-zr6p-aaap None 36.0.0
2025-04-07T12:56:43.044456+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam None 36.0.0
2025-04-07T12:36:59.548141+00:00 Debian Oval Importer Affected by VCID-y1nr-y1pj-aaaf None 36.0.0