Description
CVE-2020-11022 - Medium Severity Vulnerability
Vulnerable Libraries - jquery-3.2.1.min.js, jquery-3.2.1.js
jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /docs/build/html/_modules/twilio/rest/messaging/v1/service.html
Path to vulnerable library: /docs/build/html/_static/jquery.js
Dependency Hierarchy:
- ❌ jquery-3.2.1.min.js (Vulnerable Library)
jquery-3.2.1.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js
Path to vulnerable library: /docs/build/html/_static/jquery-3.2.1.js
Dependency Hierarchy:
- ❌ jquery-3.2.1.js (Vulnerable Library)
Found in HEAD commit: 63d09bea6ea58a1e1f52420eab056480ad01dc61
Found in base branch: main
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0