CVE-2020-11023 (Medium) detected in multiple libraries - autoclosed - Githubissues

dodekanisou / home-automation

Home automation via RPI and .net core

0 stars 1 forks source link

CVE-2020-11023 (Medium) detected in multiple libraries - autoclosed #209

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.1.tgz, jquery-3.3.1.slim.min.js, jquery-3.2.1.slim.min.js, jquery-3.4.1.min.js, jquery-3.3.1.js, jquery-1.10.2.js, jquery-1.9.0.min.js, jquery-1.10.1.min.js, jquery-1.8.3.js, jquery-1.11.3.js, jquery-2.1.4.min.js, jquery-3.0.0.min.js, jquery-1.9.1.min.js, jquery-3.1.1.min.js, jquery-1.12.4.js, jquery-1.11.3.min.js, jquery-1.7.1.min.js, jquery-1.8.1.min.js

jquery-3.4.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.4.1.tgz

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/package.json

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jquery/package.json

Dependency Hierarchy: - :x: **jquery-3.4.1.tgz** (Vulnerable Library)

jquery-3.3.1.slim.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.slim.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/daterangepicker/website/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/daterangepicker/website/index.html

Dependency Hierarchy: - :x: **jquery-3.3.1.slim.min.js** (Vulnerable Library)

jquery-3.2.1.slim.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.slim.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/bootstrap4-duallistbox/demo/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/bootstrap4-duallistbox/demo/index.html

Dependency Hierarchy: - :x: **jquery-3.2.1.slim.min.js** (Vulnerable Library)

jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/pages/forms/editors.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/pages/forms/../../plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/pages/charts/../../plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/pages/layout/../../plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/pages/UI/../../plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/pages/mailbox/../../plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/docs_html/assets/plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/pages/tables/../../plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/pages/examples/../../plugins/jquery/jquery.min.js,home-automation/RpiHost/wwwroot/lib/admin-lte/pages/../plugins/jquery/jquery.min.js

Dependency Hierarchy: - :x: **jquery-3.4.1.min.js** (Vulnerable Library)

jquery-3.3.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/daterangepicker/test.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/daterangepicker/test.html,home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/summernote/examples/with-google-font.html

Dependency Hierarchy: - :x: **jquery-3.3.1.js** (Vulnerable Library)

jquery-1.10.2.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/jsgrid/demos/data-manipulation.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/jsgrid/demos/data-manipulation.html

Dependency Hierarchy: - :x: **jquery-1.10.2.js** (Vulnerable Library)

jquery-1.9.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jquery-knob-chif/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jquery-knob-chif/index.html

Dependency Hierarchy: - :x: **jquery-1.9.0.min.js** (Vulnerable Library)

jquery-1.10.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.1/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/@lgaitan/pace-progress/docs/welcome/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/@lgaitan/pace-progress/docs/welcome/index.html

Dependency Hierarchy: - :x: **jquery-1.10.1.min.js** (Vulnerable Library)

jquery-1.8.3.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.3/jquery.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jsgrid/demos/custom-view.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jsgrid/demos/../external/jquery/jquery-1.8.3.js

Dependency Hierarchy: - :x: **jquery-1.8.3.js** (Vulnerable Library)

jquery-1.11.3.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/summernote/examples/ie8.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/summernote/examples/ie8.html

Dependency Hierarchy: - :x: **jquery-1.11.3.js** (Vulnerable Library)

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/flag-icon-css/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/flag-icon-css/index.html,home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/js-base64/test/index.html

Dependency Hierarchy: - :x: **jquery-2.1.4.min.js** (Vulnerable Library)

jquery-3.0.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/ekko-lightbox/examples/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/ekko-lightbox/examples/index.html,home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/ekko-lightbox/examples/bs3.html

Dependency Hierarchy: - :x: **jquery-3.0.0.min.js** (Vulnerable Library)

jquery-1.9.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/toastr/demo.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/toastr/demo.html

Dependency Hierarchy: - :x: **jquery-1.9.1.min.js** (Vulnerable Library)

jquery-3.1.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/bootstrap-switch/docs/404.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/bootstrap-switch/docs/404.html

Dependency Hierarchy: - :x: **jquery-3.1.1.min.js** (Vulnerable Library)

jquery-1.12.4.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/jquery-ui/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/jquery-ui/external/jquery/jquery.js,home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jquery-ui-dist/external/jquery/jquery.js

Dependency Hierarchy: - :x: **jquery-1.12.4.js** (Vulnerable Library)

jquery-1.11.3.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jqvmap-novulnerability/examples/usa_districts.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/node_modules/jqvmap-novulnerability/examples/usa_districts.html

Dependency Hierarchy: - :x: **jquery-1.11.3.min.js** (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/mustache/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/mustache/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy: - :x: **jquery-1.7.1.min.js** (Vulnerable Library)

jquery-1.8.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js

Path to dependency file: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/jquery-ui/node_modules/bower/lib/node_modules/redeyed/examples/browser/index.html

Path to vulnerable library: home-automation/RpiHost/wwwroot/lib/admin-lte/plugins/jquery-ui/node_modules/bower/lib/node_modules/redeyed/examples/browser/index.html

Dependency Hierarchy: - :x: **jquery-1.8.1.min.js** (Vulnerable Library)

Found in HEAD commit: 9b930d6dfb4815ac9f51831ae63b498835ce6700

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #215

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #215

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #215

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #215

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #215