Open github-actions[bot] opened 4 months ago
Description
In jQuery versions 1.0.3 through 3.4.1, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This vulnerability also affects jquery-rails versions through 4.3.5.
MEDIUM Vulnerable Package issue exists @ jquery in branch master
Vulnerability ID: CVE-2020-11023
Package Name: jquery
Severity: MEDIUM
CVSS Score: 6.1
Publish Date: 2020-04-29T15:45:00
Current Package Version: 1.11.0
Remediation Upgrade Recommendation: 3.5.0
Link To SCA
Reference – NVD link
Issue still exists.