Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-11023
### Vulnerable Library - jquery-3.1.1.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
Dependency Hierarchy: - :x: **jquery-3.1.1.min.js** (Vulnerable Library)
Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab
Found in base branch: master
### Vulnerability DetailsIn jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing
### CVSS 3 Score Details (6.9)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
CVE-2020-11022
### Vulnerable Library - jquery-3.1.1.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
Dependency Hierarchy: - :x: **jquery-3.1.1.min.js** (Vulnerable Library)
Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab
Found in base branch: master
### Vulnerability DetailsIn jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
### CVSS 3 Score Details (6.9)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
CVE-2019-11358
### Vulnerable Library - jquery-3.1.1.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to vulnerable library: /java/url-redirection-harder/src/main/resources/static/js/jquery.min.js,/java/sqli-like/src/main/resources/static/js/jquery.min.js,/python/CSRF-SameSite/static/js/jquery.min.js,/python/SQLI-login-bypass/static/js/jquery.min.js,/python/X-allow-origin/static/js/jquery.min.js,/python/Ldap-injection-harder/static/js/jquery.min.js,/java/xss-url/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass/src/main/resources/static/js/jquery.min.js,/java/csrf-samesite/src/main/resources/static/js/jquery.min.js,/python/NoSQL/static/js/jquery.min.js,/python/weak-lock-out-mechanism/static/js/jquery.min.js,/python/user-registration-process/static/js/jquery.min.js,/python/Ldap-injection/static/js/jquery.min.js,/python/weak-or-unenforced-username-policy/static/js/jquery.min.js,/python/XSS-url/static/js/jquery.min.js,/java/lfi2/src/main/resources/static/js/jquery.min.js,/java/graphql-dos-resource-exhaustion/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass/static/js/jquery.min.js,/python/CMD/static/js/jquery.min.js,/java/cmd/src/main/resources/static/js/jquery.min.js,/python/graphql-info-introspection/static/js/jquery.min.js,/python/CSTI/static/js/jquery.min.js,/python/Auth-bypass-simple/static/js/jquery.min.js,/c/32_bufferOverflow/static/js/jquery.min.js,/java/lfi3/src/main/resources/static/js/jquery.min.js,/java/cmd-blind/src/main/resources/static/js/jquery.min.js,/python/JWT-null/static/js/jquery.min.js,/java/csrf/src/main/resources/static/js/jquery.min.js,/java/cors/src/main/resources/static/js/jquery.min.js,/python/CORS/static/js/jquery.min.js,/java/graphql-info-introspection/src/main/resources/static/js/jquery.min.js,/python/CMD4/static/js/jquery.min.js,/java/auth-bypass2/src/main/resources/static/js/jquery.min.js,/java/graphql-idor/src/main/resources/static/js/jquery.min.js,/java/graphql-injections/src/main/resources/static/js/jquery.min.js,/java/jwt-null/src/main/resources/static/js/jquery.min.js,/java/idor/src/main/resources/static/js/jquery.min.js,/java/des-java/src/main/resources/static/js/jquery.min.js,/java/graphql-mutation/src/main/resources/static/js/jquery.min.js,/python/LFI-2/static/js/jquery.min.js,/java/untrusted-sources/src/main/resources/static/js/jquery.min.js,/java/cmd4/src/main/resources/static/js/jquery.min.js,/java/ssti/src/main/resources/static/js/jquery.min.js,/python/graphql-injections/static/js/jquery.min.js,/java/xss-dom2/src/main/resources/static/js/jquery.min.js,/python/Threat-modeling/static/js/jquery.min.js,/python/Unreferenced-files/static/js/jquery.min.js,/java/csp/src/main/resources/static/js/jquery.min.js,/python/DES-Pickle/static/js/jquery.min.js,/python/CMD2/static/js/jquery.min.js,/python/WebSocket-Message-Manipulation/static/js/jquery.min.js,/python/CSRF/static/js/jquery.min.js,/nodeJs/Graphql-IDOR/static/js/jquery.min.js,/java/dos-regex/src/main/resources/static/js/jquery.min.js,/python/Content-type/static/js/jquery.min.js,/python/SQLI/static/js/jquery.min.js,/python/Url-redirection-harder/static/js/jquery.min.js,/java/ratelimiting/src/main/resources/static/js/jquery.min.js,/python/Untrusted-sources-js/static/js/jquery.min.js,/python/XSS/static/js/jquery.min.js,/python/TLS-downgrade/static/js/jquery.min.js,/lab-template/static/js/jquery.min.js,/java/auth-bypass3/src/main/resources/static/js/jquery.min.js,/python/IDOR/static/js/jquery.min.js,/python/account-provisioning-process/static/js/jquery.min.js,/python/info-leakeage-metadata/static/js/jquery.min.js,/java/sqli/src/main/resources/static/js/jquery.min.js,/python/CSRF-weak/static/js/jquery.min.js,/python/DES-Pickle-2/static/js/jquery.min.js,/java/info-leakage-comments/src/main/resources/static/js/jquery.min.js,/python/Formula-injection/static/js/jquery.min.js,/java/csrf-weak/src/main/resources/static/js/jquery.min.js,/python/DNS-rebinding/static/js/jquery.min.js,/python/Auth-bypass-2/static/js/jquery.min.js,/java/ssti/src/main/resources/static/old/js/jquery.min.js,/python/Attack-Server/static/js/jquery.min.js,/python/HTTP-desync-CLTE-backend-server/static/js/jquery.min.js,/python/Session-Management-2/static/js/jquery.min.js,/java/formula-injection/src/main/resources/static/js/jquery.min.js,/python/credentials-guessing-2/static/js/jquery.min.js,/python/XSS-attribute/static/js/jquery.min.js,/python/session-hijacking-xss/static/js/jquery.min.js,/python/JWT-secret/static/js/jquery.min.js,/python/info-leakeage-comments/static/js/jquery.min.js,/java/sqli-blind/src/main/resources/static/js/jquery.min.js,/python/Url-redirection-harder2/static/js/jquery.min.js,/python/HTML-injection/static/js/jquery.min.js,/python/XXE/static/js/jquery.min.js,/python/RFI/static/js/jquery.min.js,/java/ldap-injection-harder/src/main/resources/static/js/jquery.min.js,/java/file-upload/src/main/resources/static/js/jquery.min.js,/java/client-side-restriction-bypass-2/src/main/resources/static/js/jquery.min.js,/java/xxe/src/main/resources/static/js/jquery.min.js,/python/graphql-mutation/static/js/jquery.min.js,/python/DES-Yaml/static/js/jquery.min.js,/java/jwt-secret/src/main/resources/static/js/jquery.min.js,/python/Web-cache-poisoning/static/js/jquery.min.js,/python/RTLO/static/js/jquery.min.js,/java/rfi/src/main/resources/static/js/jquery.min.js,/java/xss-dom/src/main/resources/static/js/jquery.min.js,/java/rtlo/src/main/resources/static/js/jquery.min.js,/java/content-type/src/main/resources/static/js/jquery.min.js,/java/parameter-binding/src/main/resources/static/js/jquery.min.js,/python/CMD3/static/js/jquery.min.js,/python/SQLI-like/static/js/jquery.min.js,/python/DoS-regex/static/js/jquery.min.js,/python/SSRF/static/js/jquery.min.js,/python/ratelimiting/static/js/jquery.min.js,/java/credentials-guessing1/src/main/resources/static/js/jquery.min.js,/python/Url-redirection/static/js/jquery.min.js,/python/http-response-splitting/static/js/jquery.min.js,/java/sessionpuzzle/src/main/resources/static/js/jquery.min.js,/java/cmd2/src/main/resources/static/js/jquery.min.js,/java/racecondition/src/main/resources/static/js/jquery.min.js,/nodeJs/Graphql-DOS/static/js/jquery.min.js,/python/CSSI/static/js/jquery.min.js,/python/graphql-IDOR/static/js/jquery.min.js,/python/SQLI-blind/static/js/jquery.min.js,/java/session-hijacking-xss/src/main/resources/static/js/jquery.min.js,/java/ldap-injection/src/main/resources/static/js/jquery.min.js,/java/lfi/src/main/resources/static/js/jquery.min.js,/java/csti/src/main/resources/static/js/jquery.min.js,/java/url-redirection/src/main/resources/static/js/jquery.min.js,/python/RaceCondition/static/js/jquery.min.js,/python/Host-Header-Authentication-Bypass/static/js/jquery.min.js,/python/client-side-restriction-bypass/static/js/jquery.min.js,/python/RaceCondition-file-write/static/js/jquery.min.js,/java/cssi/src/main/resources/static/js/jquery.min.js,/python/LFI-3/static/js/jquery.min.js,/python/CMD-Blind/static/js/jquery.min.js,/java/info-leakage-metadata/src/main/resources/static/js/jquery.min.js,/python/XSS-DOM/static/js/jquery.min.js,/python/credentials-guessing-1/static/js/jquery.min.js,/python/XSS-DOM-2/static/js/jquery.min.js,/python/client-side-restriction-bypass-2/static/js/jquery.min.js,/python/Session-Management-1/static/js/jquery.min.js,/java/credentials-guessing2/src/main/resources/static/js/jquery.min.js,/python/SessionPuzzle/static/js/jquery.min.js,/java/xss/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-1/static/js/jquery.min.js,/java/xss-stored/src/main/resources/static/js/jquery.min.js,/java/url-redirection-harder2/src/main/resources/static/js/jquery.min.js,/python/CSP/static/js/jquery.min.js,/java/ssrf/src/main/resources/static/js/jquery.min.js,/java/des-yaml/src/main/resources/static/js/jquery.min.js,/java/auth-bypass-simple/src/main/resources/static/js/jquery.min.js,/python/LFI/static/js/jquery.min.js,/python/graphql-dos-resource-exhaustion/static/js/jquery.min.js,/java/cmd3/src/main/resources/static/js/jquery.min.js,/java/racecondition-file-write/src/main/resources/static/js/jquery.min.js,/python/SSTI/static/js/jquery.min.js,/python/File-upload/static/js/jquery.min.js,/java/http-response-splitting/src/main/resources/static/js/jquery.min.js,/python/Auth-bypass-3/static/js/jquery.min.js,/java/auth-bypass1/src/main/resources/static/js/jquery.min.js
Dependency Hierarchy: - :x: **jquery-3.1.1.min.js** (Vulnerable Library)
Found in HEAD commit: dbff3320673205dea2e0a4c513d54497ca905aab
Found in base branch: master
### Vulnerability DetailsjQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-19
URL: CVE-2019-11358
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0