CVE-2020-11023
Description
Moderate: doxygen security update
CISA KEV
- Vendor: JQuery
- Product: JQuery
- Due date: 2025-02-13
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-1329.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-1309.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-1300.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-1346.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-1210.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2021-4142.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2021-1846.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-1314.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:1314
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-1215.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:1215
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-1338.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:1338
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-1306.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:1306
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-1301.html
Vendor advisory: alma — https://bugzilla.redhat.com/1850004
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:1301
Vendor advisory: cisa-kev — This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 ; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-11023
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1329
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1309
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1210
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1300
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2020:4847
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2021:1846
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2021:4142
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-11023.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1301
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1306
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1215
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1338
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:1314
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:1346
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:1329
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:1309
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:1300
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:1210
Exploits
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 3.5.0+dfsg-2 |
| debian | bullseye | fixed | 3.5.0+dfsg-2 |
| debian | forky | fixed | 3.5.0+dfsg-2 |
| debian | sid | fixed | 3.5.0+dfsg-2 |
| debian | trixie | fixed | 3.5.0+dfsg-2 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | jquery | >=1.0.3,<3.5.0 | 3.5.0 |
| RubyGems | jquery-rails | <4.4.0 | 4.4.0 |
| NuGet | jQuery | >=1.0.3,<3.5.0 | 3.5.0 |
| Maven | org.webjars.npm:jquery | >=1.0.3,<3.5.0 | 3.5.0 |
| Packagist | components/jquery | >=1.0.3,<3.5.0 | 3.5.0 |
References
- https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
- https://access.redhat.com/errata/RHSA-2025:1210
- https://access.redhat.com/errata/RHSA-2025:1300
- https://access.redhat.com/errata/RHSA-2025:1309
- https://access.redhat.com/errata/RHSA-2025:1329
- https://access.redhat.com/errata/RHSA-2025:1346
- https://errata.rockylinux.org/RLSA-2025:1314
- https://errata.rockylinux.org/RLSA-2025:1338
- https://errata.rockylinux.org/RLSA-2025:1215
- https://errata.rockylinux.org/RLSA-2025:1306
- https://errata.rockylinux.org/RLSA-2025:1301
- https://www.suse.com/security/cve/CVE-2020-11023.html
- https://errata.rockylinux.org/RLSA-2021:4142
- https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
- https://nvd.nist.gov/vuln/detail/CVE-2020-11023
- https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
- https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E