The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be exploited to achieve arbitrary code execution.
“Passing HTML containing <option> elements from untrusted sources – even after sanitizing them – to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code,” according to a GitHub advisory released for the flaw.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The problem was addressed in jQuery version 3.5.0 released in April 2020. A workaround for CVE-2020-11023 involves using DOMPurify with the SAFE_FOR_JQUERY flag set to sanitize the HTML string before passing it to a jQuery method.
As is typically the case, the advisory from CISA is lean on details about the specific nature of exploitation and the identity of threat actors weaponizing the shortcoming. Nor are there any public reports related to attacks that leverage the flaw in question.
That said, Dutch security firm EclecticIQ revealed in February 2024 that the command-and-control (C2) addresses associated with a malicious campaign exploiting security flaws in Ivanti appliances ran a version of JQuery that was susceptible to at least one of the three flaws, CVE-2020-11023, CVE-2020-11022, and CVE-2019-11358.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are recommended to remediate the identified flaw by February 13, 2025, to secure their networks against active threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits