jquery-rails 0.2.3

7 security vulnerabilities found in version 0.2.3

Potential XSS vulnerability in jQuery

high severity CVE-2020-11023
high severity CVE-2020-11023
Patched versions: >= 4.4.0

Impact

Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Workarounds

To workaround this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

Cross-Site Scripting in jquery

medium severity CVE-2020-7656
medium severity CVE-2020-7656
Patched versions: >= 2.1.4

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.

Prototype pollution attack through jQuery $.extend

medium severity CVE-2019-11358
medium severity CVE-2019-11358
Patched versions: >= 4.3.4

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Cross-Site Scripting (XSS) in jquery

medium severity CVE-2015-9251
medium severity CVE-2015-9251
Patched versions: >= 4.2.0

Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option.

CSRF Vulnerability in jquery-rails

medium severity CVE-2015-1840
medium severity CVE-2015-1840
Patched versions: >= 4.0.4, ~> 3.1.3

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" (note the leading space) that will be passed to JQuery, who will see this as a same origin request, and send the user's CSRF token to the attacker domain.

To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.

For example, code like this:

link_to params

to code like this:

link_to filtered_params

def filtered_params # Filter just the parameters that you trust end

See also:

Cross-Site Scripting in jquery

medium severity CVE-2012-6708
medium severity CVE-2012-6708
Patched versions: ~> 2.1.4, >= 2.2.0

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.

Proof of Concept

$("#log").html( $("element[attribute='<img src="x" onerror="alert(1)" />']").html() );

jQuery vulnerable to Cross-Site Scripting (XSS)

medium severity CVE-2011-4969
medium severity CVE-2011-4969
Patched versions: >= 1.6.3

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

Gem version without a license.


Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.

This gem version is available.


This gem version has not been yanked and is still available for usage.