Fluid Attacks Database

Description

org.webjars:jquery is a JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The location.hash() function was used to select elements, but also allows remote attackers to inject script into the page.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rubygems	jquery-rails	>=0 <1.0.16	1.0.16
maven	org.webjars.npm:jquery	>=0 <1.6.3	1.6.3
nuget	jquery	>=0 <1.6.3 \|\| >=0 <1.6.3	1.6.3, 1.6.3
npm	jquery	>=0 <1.6.3	1.6.3
maven	org.webjars:jquery	>=0 <1.6.3	-

Aliases

1. CVE-2011-49692. NVD-2011-49693. OSV-2011-49694. GHSA-579v-mp3v-rrw55. GCVE-2011-49696. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2011-4969.yml7. DB-CVE-2011-4969

References

1. https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e92. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2011-4969.yml3. https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E4. https://security.netapp.com/advisory/ntap-20190416-00075. http://blog.jquery.com/2011/09/01/jquery-1-6-3-released6. http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html7. http://bugs.jquery.com/ticket/95218. http://www.openwall.com/lists/oss-security/2013/01/31/39. http://www.ubuntu.com/usn/USN-1722-110. https://github.com/jquery/jquery

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.