Package details: pkg:gem/jquery-rails@4.4.0
purl pkg:gem/jquery-rails@4.4.0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-q1qe-zr6p-aaap
Aliases: CVE-2012-6708, GHSA-2pqj-h3vj-pqgw
Summary: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Fixed by: There are no reported fixed by versions.
Vulnerabilities fixed by this package (3)
Vulnerability: VCID-54hw-cf5y-aaaj
Aliases: CVE-2020-23064, GHSA-257q-pv89-v3xv
Summary: Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.

Vulnerability: VCID-fhgh-jkwa-aaah
Aliases: CVE-2020-11023, GHSA-jpcq-cgw6-v4j6
Summary: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Vulnerability: VCID-kkd1-e4k1-aaam
Aliases: CVE-2020-11022, GHSA-gxr4-xjj5-5px2
Summary: In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:35:49.910197+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 36.1.3
2025-06-20T16:35:48.953888+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 36.1.3
2025-06-03T23:14:34.326796+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 36.1.0
2025-06-03T23:14:33.184938+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 36.1.0
2025-06-02T23:11:37.192167+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 36.1.2
2025-06-02T23:11:36.042401+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 36.1.2
2025-04-04T11:33:45.997969+00:00 GithubOSV Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json 36.0.0
2025-04-04T11:33:43.268571+00:00 GithubOSV Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-gxr4-xjj5-5px2/GHSA-gxr4-xjj5-5px2.json 36.0.0
2025-04-03T21:20:55.409261+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 36.0.0
2025-04-03T21:20:53.592257+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 36.0.0
2025-03-28T20:04:44.896658+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj None 36.0.0
2025-03-28T20:04:05.600942+00:00 GHSA Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/advisories/GHSA-jpcq-cgw6-v4j6 36.0.0
2025-03-28T20:04:05.217372+00:00 GHSA Importer Fixing VCID-fhgh-jkwa-aaah None 36.0.0
2025-03-28T16:48:34.463144+00:00 GitLab Importer Fixing VCID-fhgh-jkwa-aaah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-11023.yml 36.0.0
2025-02-18T04:28:01.504828+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 35.1.0
2025-02-18T04:27:56.809745+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 35.1.0
2024-11-21T01:21:54.056307+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 35.0.0
2024-11-19T19:09:57.473251+00:00 GHSA Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/advisories/GHSA-gxr4-xjj5-5px2 34.3.2
2024-11-19T15:48:04.268257+00:00 GitLab Importer Fixing VCID-kkd1-e4k1-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-11022.yml 34.3.2
2024-11-19T01:08:03.757627+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 34.3.2
2024-11-19T00:51:16.310063+00:00 GithubOSV Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-gxr4-xjj5-5px2/GHSA-gxr4-xjj5-5px2.json 34.3.2
2024-10-15T18:32:41.432164+00:00 GithubOSV Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-257q-pv89-v3xv/GHSA-257q-pv89-v3xv.json 34.0.2
2024-10-15T18:30:52.035139+00:00 GithubOSV Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json 34.0.2
2024-10-15T18:30:50.899330+00:00 GithubOSV Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-gxr4-xjj5-5px2/GHSA-gxr4-xjj5-5px2.json 34.0.2
2024-10-15T17:32:42.898764+00:00 Ruby Importer Affected by VCID-54hw-cf5y-aaaj https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml 34.0.2
2024-10-15T17:32:42.828840+00:00 Ruby Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml 34.0.2
2024-10-15T17:27:21.015556+00:00 Ruby Importer Affected by VCID-q1qe-zr6p-aaap https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml 34.0.2
2024-10-08T01:43:31.792857+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 34.0.2
2024-10-07T18:30:10.386283+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/advisories/GHSA-257q-pv89-v3xv 34.0.2
2024-09-21T15:57:49.804801+00:00 Ruby Importer Affected by VCID-54hw-cf5y-aaaj https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml 34.0.1
2024-09-21T15:57:49.737390+00:00 Ruby Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml 34.0.1
2024-09-21T15:52:14.493160+00:00 Ruby Importer Affected by VCID-q1qe-zr6p-aaap https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml 34.0.1
2024-09-18T09:26:12.863330+00:00 GithubOSV Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json 34.0.1
2024-09-18T09:26:11.225542+00:00 GithubOSV Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-gxr4-xjj5-5px2/GHSA-gxr4-xjj5-5px2.json 34.0.1
2024-09-18T09:23:48.386415+00:00 GithubOSV Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-257q-pv89-v3xv/GHSA-257q-pv89-v3xv.json 34.0.1
2024-09-17T22:47:24.200393+00:00 GitLab Importer Fixing VCID-fhgh-jkwa-aaah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-11023.yml 34.0.1
2024-09-17T22:47:24.137157+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 34.0.1
2024-09-17T22:17:13.617426+00:00 GHSA Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/advisories/GHSA-jpcq-cgw6-v4j6 34.0.1
2024-09-17T22:17:13.321940+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/advisories/GHSA-257q-pv89-v3xv 34.0.1
2024-09-17T22:17:12.821646+00:00 GHSA Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/advisories/GHSA-gxr4-xjj5-5px2 34.0.1
2024-05-17T13:03:32.650128+00:00 GHSA Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/advisories/GHSA-jpcq-cgw6-v4j6 34.0.0rc4
2024-04-24T04:03:08.883933+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 34.0.0rc4
2024-04-24T04:03:08.407302+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 34.0.0rc4
2024-04-23T23:17:59.046362+00:00 GithubOSV Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json 34.0.0rc4
2024-04-23T23:17:57.447977+00:00 GithubOSV Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-gxr4-xjj5-5px2/GHSA-gxr4-xjj5-5px2.json 34.0.0rc4
2024-04-23T23:15:46.030177+00:00 GithubOSV Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-257q-pv89-v3xv/GHSA-257q-pv89-v3xv.json 34.0.0rc4
2024-04-23T20:17:37.056672+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj None 34.0.0rc4
2024-04-23T17:41:34.713682+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/advisories/GHSA-257q-pv89-v3xv 34.0.0rc4
2024-01-10T06:38:44.021068+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 34.0.0rc2
2024-01-10T06:38:43.535994+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 34.0.0rc2
2024-01-09T22:08:12.831167+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/advisories/GHSA-257q-pv89-v3xv 34.0.0rc2
2024-01-09T22:08:10.540908+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj None 34.0.0rc2
2024-01-03T23:25:18.446937+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj None 34.0.0rc1
2024-01-03T18:08:31.849811+00:00 GitLab Importer Fixing VCID-fhgh-jkwa-aaah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-11023.yml 34.0.0rc1
2024-01-03T18:08:31.777711+00:00 GitLab Importer Fixing VCID-54hw-cf5y-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-rails/CVE-2020-23064.yml 34.0.0rc1
2024-01-03T17:46:50.660819+00:00 GHSA Importer Fixing VCID-fhgh-jkwa-aaah https://github.com/advisories/GHSA-jpcq-cgw6-v4j6 34.0.0rc1
2024-01-03T17:46:50.335082+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj https://github.com/advisories/GHSA-257q-pv89-v3xv 34.0.0rc1
2024-01-03T17:46:49.834100+00:00 GHSA Importer Fixing VCID-kkd1-e4k1-aaam https://github.com/advisories/GHSA-gxr4-xjj5-5px2 34.0.0rc1
2024-01-03T16:52:34.251708+00:00 GHSA Importer Fixing VCID-54hw-cf5y-aaaj None 34.0.0rc1