CVE-2020-11023
medium
KEV
CVSS v3: -
CVSS v4: -
VIR risk: 8.0
Description
Moderate: gcc security update
CISA KEV
- Vendor: JQuery
- Product: JQuery
- Due date: 2025-02-13
Predictions
Exploit likelihood: 99%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory (cisa-kev): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 ; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
jQuery 1.0.3 - Cross-Site Scripting (XSS)
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | tbb-devel-2020.3-8.el9_5.1.aarch64.rpm |
| 8 | Fixed | libgcc-8.5.0-23.el8_10.alma.1.i686.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 3.5.0+dfsg-2 |
| sid | Fixed | 3.5.0+dfsg-2 |
| forky | Fixed | 3.5.0+dfsg-2 |
| bullseye | Fixed | 3.5.0+dfsg-2 |
| bookworm | Fixed | 3.5.0+dfsg-2 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | jquery | >=1.0.3,<3.5.0 | 3.5.0 |
| RubyGems | jquery-rails | <4.4.0 | 4.4.0 |
| NuGet | jQuery | >=1.0.3,<3.5.0 | 3.5.0 |
| Maven | org.webjars.npm:jquery | >=1.0.3,<3.5.0 | 3.5.0 |
| Packagist | components/jquery | >=1.0.3,<3.5.0 | 3.5.0 |
References
- https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
- https://access.redhat.com/errata/RHSA-2025:1210
- https://access.redhat.com/errata/RHSA-2025:1300
- https://access.redhat.com/errata/RHSA-2025:1309
- https://access.redhat.com/errata/RHSA-2025:1329
- https://access.redhat.com/errata/RHSA-2025:1346
- https://errata.rockylinux.org/RLSA-2025:1314
- https://errata.rockylinux.org/RLSA-2025:1338
- https://errata.rockylinux.org/RLSA-2025:1215
- https://errata.rockylinux.org/RLSA-2025:1306
- https://errata.rockylinux.org/RLSA-2025:1301
- https://www.suse.com/security/cve/CVE-2020-11023.html
- https://errata.rockylinux.org/RLSA-2021:4142
- https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
- https://nvd.nist.gov/vuln/detail/CVE-2020-11023
- https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
- https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E