Ruby/jquery-rails/4.3.3


This gem provides jQuery and the jQuery-ujs driver for your Rails 4+ application.

https://rubygems.org/gems/jquery-rails
MIT

2 Security Vulnerabilities

Prototype pollution attack through jQuery $.extend

Published date: 2019-04-19
Framework: rails
CVE: 2019-11358
CVSS V2: 4.3
CVSS V3: 6.1

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Affected versions: ["4.3.3", "4.3.2", "4.3.1", "4.3.0", "4.2.2", "4.2.1", "4.2.0", "4.1.1", "4.1.0", "4.0.5", "4.0.4", "4.0.3", "4.0.2", "4.0.1", "4.0.0", "4.0.0.beta2", "4.0.0.beta1", "3.1.5", "3.1.4", "3.1.3", "3.1.2", "3.1.1", "3.1.0", "3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.0", "2.2.2", "2.2.1", "2.2.0", "2.1.4", "2.1.3", "2.1.2", "2.1.1", "2.1.0", "2.0.3", "2.0.2", "2.0.1", "1.0.19", "1.0.18", "1.0.17", "1.0.16", "1.0.15", "1.0.14", "1.0.13", "1.0.12", "1.0.11", "1.0.10", "1.0.9", "1.0.8", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.2", "1.0.1", "1.0", "1.0.rc", "0.2.7", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1", "0.2", "0.1.3", "0.1.2", "0.1.1"]
Secure versions: [4.4.0, 4.5.0]
Recommendation: Update to version 4.5.0.

Potential XSS vulnerability in jQuery

Published date: 2020-04-29
Framework: rails
CVE: 2020-11023
CVSS V3: 6.9

Impact

Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Workarounds

To work around this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

Affected versions: ["4.3.5", "4.3.4", "4.3.3", "4.3.2", "4.3.1", "4.3.0", "4.2.2", "4.2.1", "4.2.0", "4.1.1", "4.1.0", "4.0.5", "4.0.4", "4.0.3", "4.0.2", "4.0.1", "4.0.0", "4.0.0.beta2", "4.0.0.beta1", "3.1.5", "3.1.4", "3.1.3", "3.1.2", "3.1.1", "3.1.0", "3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.0", "2.2.2", "2.2.1", "2.2.0", "2.1.4", "2.1.3", "2.1.2", "2.1.1", "2.1.0", "2.0.3", "2.0.2", "2.0.1", "1.0.19", "1.0.18", "1.0.17", "1.0.16", "1.0.15", "1.0.14", "1.0.13", "1.0.12", "1.0.11", "1.0.10", "1.0.9", "1.0.8", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.2", "1.0.1", "1.0", "1.0.rc", "0.2.7", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1", "0.2", "0.1.3", "0.1.2", "0.1.1"]
Secure versions: [4.4.0, 4.5.0]
Recommendation: Update to version 4.5.0.

76 Other Versions

Version License Security Released
4.3.4 MIT 1 2019-06-13 - 22:49 over 3 years
4.3.5 MIT 1 2019-06-13 - 22:51 over 3 years
4.3.2 MIT 2 2018-04-18 - 17:24 over 4 years
4.3.3 MIT 2 2018-04-18 - 17:26 over 4 years
4.2.1 MIT 2 2016-08-19 - 16:56 about 6 years
4.3.1 MIT 2 2017-03-21 - 18:39 over 5 years
4.3.0 MIT 2 2017-03-21 - 18:36 over 5 years
4.2.2 MIT 2 2016-12-29 - 01:10 almost 6 years
3.1.4 MIT 2 2015-09-01 - 05:41 about 7 years
4.2.0 MIT 2 2016-08-19 - 16:53 about 6 years
4.1.1 MIT 2 2016-03-10 - 02:39 over 6 years
4.1.0 MIT 2 2016-01-12 - 23:34 over 6 years
4.0.5 MIT 2 2015-09-01 - 05:37 about 7 years
4.0.4 MIT 2 2015-06-16 - 18:07 over 7 years
3.1.5 MIT 2 2018-04-18 - 17:35 over 4 years
3.1.3 MIT 2 2015-06-16 - 18:08 over 7 years
4.0.0.beta1 MIT 3 2014-09-06 - 00:33 about 8 years
4.0.0.beta2 MIT 3 2014-09-06 - 03:17 about 8 years
3.1.1 MIT 3 2014-06-23 - 14:37 over 8 years
3.1.0 MIT 3 2014-01-29 - 06:18 over 8 years
3.1.2 MIT 3 2014-09-02 - 00:33 about 8 years
4.0.1 MIT 4 2014-12-16 - 16:22 almost 8 years
4.0.2 MIT 4 2014-12-19 - 23:51 almost 8 years
4.0.0 MIT 4 2014-11-26 - 00:29 almost 8 years
4.0.3 MIT 4 2014-12-29 - 21:19 over 7 years
2.0.3 UNKNOWN 4 2012-08-16 - 17:59 about 10 years
3.0.4 MIT 4 2013-07-11 - 03:45 about 9 years
3.0.3 MIT 4 2013-07-11 - 03:33 about 9 years
3.0.2 MIT 4 2013-07-04 - 18:51 about 9 years
3.0.1 MIT 4 2013-06-08 - 02:18 over 9 years
3.0.0 MIT 4 2013-05-29 - 06:52 over 9 years
2.3.0 MIT 4 2013-05-29 - 06:40 over 9 years
2.2.2 MIT 4 2013-05-29 - 05:50 over 9 years
2.2.1 MIT 4 2013-02-08 - 05:27 over 9 years
2.2.0 UNKNOWN 4 2013-01-19 - 17:13 over 9 years
2.1.4 UNKNOWN 4 2012-11-26 - 17:23 almost 10 years
2.1.3 UNKNOWN 4 2012-09-24 - 15:08 about 10 years
2.1.2 UNKNOWN 4 2012-09-06 - 23:48 about 10 years
2.1.1 UNKNOWN 4 2012-08-18 - 06:44 about 10 years
2.1.0 UNKNOWN 4 2012-08-16 - 20:04 about 10 years
0.2.5 UNKNOWN 4 2010-11-04 - 17:22 almost 12 years
2.0.2 UNKNOWN 4 2012-04-03 - 17:56 over 10 years
2.0.1 UNKNOWN 4 2012-02-28 - 23:56 over 10 years
1.0.19 UNKNOWN 4 2011-11-26 - 05:26 almost 11 years
1.0.18 UNKNOWN 4 2011-11-18 - 17:44 almost 11 years
1.0.17 UNKNOWN 4 2011-11-09 - 17:37 almost 11 years
1.0.16 UNKNOWN 4 2011-10-12 - 21:28 almost 11 years
1.0.15 UNKNOWN 4 2011-10-12 - 20:57 almost 11 years
1.0.14 UNKNOWN 4 2011-09-08 - 20:52 about 11 years
1.0.13 UNKNOWN 4 2011-08-11 - 22:16 about 11 years
1.0.12 UNKNOWN 4 2011-06-23 - 06:37 over 11 years
1.0.11 UNKNOWN 4 2011-06-15 - 23:38 over 11 years
1.0.10 UNKNOWN 4 2011-06-14 - 02:34 over 11 years
1.0.9 UNKNOWN 4 2011-05-26 - 03:38 over 11 years
1.0.8 UNKNOWN 4 2011-05-26 - 03:31 over 11 years
1.0.7 UNKNOWN 4 2011-05-22 - 02:42 over 11 years
1.0.6 UNKNOWN 4 2011-05-21 - 19:25 over 11 years
1.0.5 UNKNOWN 4 2011-05-17 - 21:48 over 11 years
1.0.4 UNKNOWN 4 2011-05-17 - 17:16 over 11 years
1.0.3 UNKNOWN 4 2011-05-17 - 13:46 over 11 years
1.0.2 UNKNOWN 4 2011-05-12 - 21:12 over 11 years
1.0.1 UNKNOWN 4 2011-05-11 - 06:56 over 11 years
1.0 UNKNOWN 4 2011-05-04 - 08:43 over 11 years
1.0.rc UNKNOWN 4 2011-05-04 - 03:12 over 11 years
0.2.7 UNKNOWN 4 2011-02-05 - 20:33 over 11 years
0.2.6 UNKNOWN 4 2010-12-02 - 06:38 almost 12 years
0.2 UNKNOWN 4 2010-10-02 - 18:12 almost 12 years
0.2.4 UNKNOWN 4 2010-10-17 - 06:56 almost 12 years
0.2.3 UNKNOWN 4 2010-10-13 - 18:15 almost 12 years
0.2.2 UNKNOWN 4 2010-10-08 - 21:45 almost 12 years
0.2.1 UNKNOWN 4 2010-10-02 - 23:10 almost 12 years
0.1.1 UNKNOWN 4 2010-08-16 - 23:10 about 12 years
0.1.3 UNKNOWN 4 2010-09-16 - 21:12 about 12 years
0.1.2 UNKNOWN 4 2010-08-18 - 08:46 about 12 years
4.4.0 MIT 2020-05-08 - 15:51 over 2 years
4.5.0 MIT 2022-05-23 - 21:27 4 months