VYPR

Packagist (Composer) package

components/jquery

pkg:composer/components/jquery

Vulnerabilities (2)

  • CVE-2020-11022MedApr 29, 2020
    affected >= 1.12.0, < 3.5.0fixed 3.5.0

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

  • CVE-2020-11023KEVApr 29, 2020
    affected >= 1.0.3, < 3.5.0fixed 3.5.0

    In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This pro