Search for packages
| purl | pkg:gem/jquery-rails@1.2.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kkd1-e4k1-aaam
Aliases: CVE-2020-11022 GHSA-gxr4-xjj5-5px2 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
Affected by 0 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-18T08:44:01.620276+00:00 | Ruby Importer | Affected by | VCID-kkd1-e4k1-aaam | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml | 34.0.1 |
| 2024-09-17T22:47:23.935295+00:00 | GitLab Importer | Affected by | VCID-kkd1-e4k1-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-11022.yml | 34.0.1 |
| 2024-04-23T22:45:05.637938+00:00 | Ruby Importer | Affected by | VCID-kkd1-e4k1-aaam | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml | 34.0.0rc4 |
| 2024-01-03T18:08:31.560250+00:00 | GitLab Importer | Affected by | VCID-kkd1-e4k1-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-11022.yml | 34.0.0rc1 |