jquery-rails 4.1.1
Potential XSS vulnerability in jQuery
high severity CVE-2020-11023>= 4.4.0
Impact
Passing HTML containing <option>
elements from untrusted sources - even after
sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html()
,
.append()
, and others) may execute untrusted code.
Workarounds
To workaround this issue without upgrading, use DOMPurify with its
SAFE_FOR_JQUERY
option to sanitize the HTML string before passing it to a
jQuery method.
jQuery Cross Site Scripting vulnerability
medium severity CVE-2020-23064>= 4.4.0
< 4.1.0
Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0
allows a remote attacker to execute arbitrary code via the
<options>
element.
Prototype pollution attack through jQuery $.extend
medium severity CVE-2019-11358>= 4.3.4
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Cross-Site Scripting (XSS) in jquery
medium severity CVE-2015-9251>= 4.2.0
Affected versions of jquery
interpret text/javascript
responses
from cross-origin ajax requests, and automatically execute the
contents in jQuery.globalEval
, even when the ajax request
doesn't contain the dataType
option.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.