GitHub Advisory DatabaseGHSA-2PQJ-H3VJ-PQGW

HistorySep 01, 2020 - 4:41 p.m.

Cross-Site Scripting in jquery

2020-09-0116:41:46

CWE-64

CWE-79

GitHub Advisory Database

github.com

273

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.008 Low

EPSS

Percentile

82.0%

JSON

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.

Proof of Concept

$("#log").html(
    $("element[attribute='<img src />']").html()
);

Recommendation

Update to version 1.9.0 or later.

Affected configurations

Vulners

Node

jqueryjqueryRange<2.2.0

jqueryjqueryRange≤1.8.3

org.webjars.npm\Matchjquery

jqueryjqueryRange≤1.8.3

CPENameOperatorVersion
jquery-railslt2.2.0
jqueryle1.8.3
org.webjars.npm:jqueryle1.8.3
jqueryle1.8.3

Name	Operator	Version
jquery-rails	lt	2.2.0
jquery	le	1.8.3
org.webjars.npm:jquery	le	1.8.3
jquery	le	1.8.3

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html

packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html

packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html

bugs.jquery.com/ticket/11290

bugs.jquery.com/ticket/12531

bugs.jquery.com/ticket/6429

bugs.jquery.com/ticket/9521

github.com/advisories/GHSA-2pqj-h3vj-pqgw

github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d

github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59

github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67

github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2012-6708

nvd.nist.gov/vuln/detail/CVE-2017-16011

research.insecurelabs.org/jquery/test/

security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223

snyk.io/vuln/npm:jquery:20120206

web.archive.org/web/20200227132049/www.securityfocus.com/bid/102792

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for GHSA-2PQJ-H3VJ-PQGW