jquery-rails 4.3.5

2 security vulnerabilities found in version 4.3.5

Potential XSS vulnerability in jQuery

high severity CVE-2020-11023
high severity CVE-2020-11023
Patched versions: >= 4.4.0

Impact

Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Workarounds

To workaround this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

jQuery Cross Site Scripting vulnerability

medium severity CVE-2020-23064
medium severity CVE-2020-23064
Patched versions: >= 4.4.0
Unaffected versions: < 4.1.0

Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.