jquery-rails 2.1.3
Potential XSS vulnerability in jQuery
high severity CVE-2020-11023>= 4.4.0
Impact
Passing HTML containing <option>
elements from untrusted sources - even after
sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html()
,
.append()
, and others) may execute untrusted code.
Workarounds
To workaround this issue without upgrading, use DOMPurify with its
SAFE_FOR_JQUERY
option to sanitize the HTML string before passing it to a
jQuery method.
Potential XSS vulnerability in jQuery
high severity CVE-2020-11022>= 3.5.0
< 1.2.0
Impact
Passing HTML from untrusted sources - even after sanitizing it - to
one of jQuery's DOM manipulation methods (i.e. .html()
, .append()
,
and others) may execute untrusted code.
Patches
This problem is patched in jQuery 3.5.0.
Workarounds
To workaround the issue without upgrading, adding the following to your code:
jQuery.htmlPrefilter = function( html ) {
return html;
};
You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround.
References
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://jquery.com/upgrade-guide/3.5/
For more information
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery repo.
If you don't find an answer, open a new issue."
Cross-Site Scripting in jquery
medium severity CVE-2020-7656>= 2.1.4
Versions of jquery
prior to 1.9.0 are vulnerable to Cross-Site
Scripting. The load method fails to recognize and remove ""
HTML tags that contain a whitespace character, i.e: "",
which results in the enclosed script logic to be executed. This
allows attackers to execute arbitrary JavaScript in a victim's browser.
Prototype pollution attack through jQuery $.extend
medium severity CVE-2019-11358>= 4.3.4
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Cross-Site Scripting (XSS) in jquery
medium severity CVE-2015-9251>= 4.2.0
Affected versions of jquery
interpret text/javascript
responses
from cross-origin ajax requests, and automatically execute the
contents in jQuery.globalEval
, even when the ajax request
doesn't contain the dataType
option.
CSRF Vulnerability in jquery-rails
medium severity CVE-2015-1840>= 4.0.4
, ~> 3.1.3
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" (note the leading space) that will be passed to JQuery, who will see this as a same origin request, and send the user's CSRF token to the attacker domain.
To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.
For example, code like this:
link_to params
to code like this:
link_to filtered_params
def filtered_params # Filter just the parameters that you trust end
See also:
Cross-Site Scripting in jquery
medium severity CVE-2012-6708~> 2.1.4
, >= 2.2.0
Affected versions of jquery
are vulnerable to cross-site scripting.
This occurs because the main jquery
function uses a regular expression
to differentiate between HTML and selectors, but does not properly anchor
the regular expression. The result is that jquery
may interpret HTML
as selectors when given certain inputs, allowing for client side code
execution.
Proof of Concept
$("#log").html( $("element[attribute='<img src="x" onerror="alert(1)" />']").html() );
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
Author did not declare license for this gem in the gemspec.
This gem version has a MIT license in the source code, however it was not declared in the gemspec file.
This gem version is available.
This gem version has not been yanked and is still available for usage.