CVE编号
CVE-2020-11023利用情况
暂无补丁情况
官方补丁披露时间
2020-04-30漏洞描述
jQuery是美国John Resig程序员的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作,并具有模块化、插件扩展等特点。 jQuery 1.0.3版本至3.5.0之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。解决建议
厂商已发布了漏洞修复程序,请及时关注更新:https://jquery.com/upgrade-guide/3.5/
参考链接 |
|
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html | |
| http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html | |
| https://blog.jquery.com/2020/04/10/jquery-3-5-0-released | |
| https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 | |
| https://jquery.com/upgrade-guide/3.5/ | |
| https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba... | |
| https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a4671... | |
| https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e... | |
| https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d5... | |
| https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff... | |
| https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfd... | |
| https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736... | |
| https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3... | |
| https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d... | |
| https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a9027258... | |
| https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442ee... | |
| https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae... | |
| https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b... | |
| https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8... | |
| https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807... | |
| https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bc... | |
| https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc... | |
| https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095... | |
| https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8... | |
| https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f... | |
| https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3... | |
| https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf61... | |
| https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79... | |
| https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc277... | |
| https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f560411357351... | |
| https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a02... | |
| https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9d... | |
| https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e... | |
| https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373c... | |
| https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2db... | |
| https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1... | |
| https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677b... | |
| https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68... | |
| https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea365005... | |
| https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d83... | |
| https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a342... | |
| https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebe... | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://security.gentoo.org/glsa/202007-03 | |
| https://security.netapp.com/advisory/ntap-20200511-0006/ | |
| https://www.debian.org/security/2020/dsa-4693 | |
| https://www.drupal.org/sa-core-2020-002 | |
| https://www.oracle.com//security-alerts/cpujul2021.html | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | |
| https://www.oracle.com/security-alerts/cpujan2021.html | |
| https://www.oracle.com/security-alerts/cpujan2022.html | |
| https://www.oracle.com/security-alerts/cpujul2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | |
| https://www.tenable.com/security/tns-2021-02 | |
| https://www.tenable.com/security/tns-2021-10 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | jquery | jquery | * |
From (including) 1.0.3 |
Up to (excluding) 3.5.0 |
||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | ipa | * |
Up to (excluding) 4.6.8-5.1.al7.4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | ipa | * |
Up to (excluding) 7.70-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | ipa | * |
Up to (excluding) 7.70-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | ipa | * |
Up to (excluding) 7.70-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | pcs | * |
Up to (excluding) 1.2.13-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | pcs | * |
Up to (excluding) 7.70-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | ipa | * |
Up to (excluding) 7.70-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon linux_2 | ipa | * |
Up to (excluding) 4.6.8-5.amzn2.4.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | pcs | * |
Up to (excluding) 4.6.8-5.amzn2.4.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | pcs | * |
Up to (excluding) 11.6-2.module+el8.4.0+9328+4ec4e316 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | ipa | * |
Up to (excluding) 3.3.1~dfsg-3+deb10u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | ipa | * |
Up to (excluding) 7.52-2+deb9u10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | ipa | * |
Up to (excluding) 7.72-1.fc31 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_32 | ipa | * |
Up to (excluding) 7.72-1.fc32 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_33 | ipa | * |
Up to (excluding) 7.72-1.fc33 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_6 | ipa | * |
Up to (excluding) 7.72-1.el6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_7 | ipa | * |
Up to (excluding) 7.72-1.el7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.1 | ipa | * |
Up to (excluding) 1.2.13-8.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | ipa | * |
Up to (excluding) 1.2.13-8.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle linux_7 | ipa | * |
Up to (excluding) 4.6.8-5.0.1.el7_9.4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_7 | pcs | * |
Up to (excluding) 3.0.0-7.0.1.el7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | pcs | * |
Up to (excluding) 0.10.10-4.0.1.el8 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_7 | ipa-client | * |
Up to (excluding) 0:4.6.8-5.el7_9.4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | pcs | * |
Up to (excluding) 11.6-2.module+el8.4.0+9328+4ec4e316 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | unionos_20 | pcs | * |
Up to (excluding) 3.3.1~dfsg.1-3+security |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 传输被破坏
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...