The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be exploited to achieve arbitrary code execution.
“Passing HTML containing <option> elements from untrusted sources – even after sanitizing them – to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code,” according to a GitHub advisory released for the flaw.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The problem was addressed in jQuery version 3.5.0 released in April 2020. A workaround for CVE-2020-11023 involves using DOMPurify with the SAFE_FOR_JQUERY flag set to sanitize the HTML string before passing it to a jQuery method.
As is typically the case, the advisory from CISA is lean on details about the specific nature of exploitation and the identity of threat actors weaponizing the shortcoming. Nor are there any public reports related to attacks that leverage the flaw in question.
That said, Dutch security firm EclecticIQ revealed in February 2024 that the command-and-control (C2) addresses associated with a malicious campaign exploiting security flaws in Ivanti appliances ran a version of JQuery that was susceptible to at least one of the three flaws, CVE-2020-11023, CVE-2020-11022, and CVE-2019-11358.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are recommended to remediate the identified flaw by February 13, 2025, to secure their networks against active threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits