jquery 3.0.0 Release Candidate 1 for Node.js

CPE Details

jquery 3.0.0 Release Candidate 1 for Node.js
jquery
jquery
3.0.0
2020-05-20
16h02 +00:00
2020-05-20
16h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jquery:jquery:3.0.0:rc1:*:*:*:node.js:*:*

Informations

Vendor

jquery

Product

jquery

Version

3.0.0

Update

rc1

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-11023 2020-04-29 00h00 +00:00 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing
6.9
Medium
CVE-2020-11022 2020-04-28 22h00 +00:00 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
6.9
Medium
CVE-2019-11358 2019-04-18 22h00 +00:00 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6.1
Medium
CVE-2016-10707 2018-01-18 22h00 +00:00 jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
7.5
High