Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11022 | 8 Debian, Drupal, Fedoraproject and 5 more | 78 Debian Linux, Drupal, Fedora and 75 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |||||
CVE-2020-11023 | 7 Debian, Drupal, Fedoraproject and 4 more | 54 Debian Linux, Drupal, Fedora and 51 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |||||
CVE-2020-7699 | 2 Express-fileupload Project, Netapp | 2 Express-fileupload, Max Data | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. | |||||
CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. |