Search for packages
Package details: pkg:deb/debian/jquery@3.3.1~dfsg-3
purl pkg:deb/debian/jquery@3.3.1~dfsg-3
Next non-vulnerable version 3.3.1~dfsg-3+deb10u1
Latest non-vulnerable version 3.3.1~dfsg-3+deb10u1
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-fhgh-jkwa-aaah
Aliases:
CVE-2020-11023
GHSA-jpcq-cgw6-v4j6
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
3.3.1~dfsg-3+deb10u1
Affected by 0 other vulnerabilities.
VCID-kkd1-e4k1-aaam
Aliases:
CVE-2020-11022
GHSA-gxr4-xjj5-5px2
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
3.3.1~dfsg-3+deb10u1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-tv97-anfg-aaam jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CVE-2019-11358
GHSA-6c3j-c64m-qhgq

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T14:47:43.029363+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:21:02.761158+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:59:15.529980+00:00 Debian Oval Importer Fixing VCID-tv97-anfg-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:54:39.418524+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah None 36.1.3
2025-06-20T22:54:10.264815+00:00 Debian Oval Importer Fixing VCID-tv97-anfg-aaam None 36.1.3
2025-06-20T20:56:12.781951+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam None 36.1.3
2025-06-08T07:41:05.634215+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:14:10.408634+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:54:12.600891+00:00 Debian Oval Importer Fixing VCID-tv97-anfg-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:17:00.476727+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah None 36.1.0
2025-06-07T16:17:29.423018+00:00 Debian Oval Importer Fixing VCID-tv97-anfg-aaam None 36.1.0
2025-06-07T14:24:15.600600+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam None 36.1.0
2025-04-08T06:13:33.504946+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:46:43.620365+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:26:04.390770+00:00 Debian Oval Importer Fixing VCID-tv97-anfg-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:54:30.883767+00:00 Debian Oval Importer Affected by VCID-fhgh-jkwa-aaah None 36.0.0
2025-04-07T14:49:02.444957+00:00 Debian Oval Importer Fixing VCID-tv97-anfg-aaam None 36.0.0
2025-04-07T12:56:43.088517+00:00 Debian Oval Importer Affected by VCID-kkd1-e4k1-aaam None 36.0.0