ID

VAR-202004-2199


CVE

CVE-2020-11023


TITLE

jQuery  Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-005056

DESCRIPTION

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 871208 - ipa sudorule-add-user should accept external users 1340463 - [RFE] Implement pam_pwquality featureset in IPA password policies 1357495 - ipa command provides stack trace when provided with single hypen commands 1484088 - [RFE]: Able to browse different links from IPA web gui in new tabs 1542737 - Incorrect certs are being updated with "ipa-certupdate" 1544379 - ipa-client-install changes system wide ssh configuration 1660877 - kinit is failing due to overflow in Root CA certificate's timestamp 1779981 - ipa-cert-fix warning message should use commercial name for the product. 1780328 - ipa-healthcheck - Mention that the default output format is JSON. 1780510 - Source 'ipahealthcheck.ipa.topology' not found is displayed when ipactl service is stopped 1780782 - ipa-cert-fix tool fails when the Dogtag CA SSL CSR is missing from CS.cfg 1784657 - Unlock user accounts after a password reset and replicate that unlock to all IdM servers 1809215 - Man page has incorrect examples; log location for healthcheck tool 1810148 - ipa-server-certinstall raises exception when installing IPA-issued web server cert 1812871 - Intermittent IdM Client Registration Failures 1824193 - Add Directory Server Healthchecks from lib389 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1851835 - [RFE] IdM short-term certificates ACME provider 1857272 - negative option for token.mechanism not working correctly 1860129 - ipa trust-add fails when FIPS enabled 1866558 - ipa-healthcheck --input-file returns 1 on exit 1872603 - KRA Transport and Storage Certificates do not renew 1875001 - It is not possible to edit KDC database when the FreeIPA server is running 1882340 - nsslapd-db-locks patching no longer works 1891056 - ipa-kdb: support subordinate/superior UPN suffixes 1891505 - ipa-healthcheck returns msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}" 1891735 - [Rebase] Rebase bind-dyndb-ldap to the recent upstream release 1891741 - [Rebase] Rebase slapi-nis to recent upstream release 1891832 - [Rebase] Rebase FreeIPA to a recent upstream release 1891850 - [Rebase] Rebase ipa-healthcheck to 0.7 upstream release 1894800 - IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing 1901068 - Traceback while doing ipa-backup 1902173 - Uninstallation of IPA server with KRA installed displays 'ERROR: subprocess.CalledProcessError:' 1902727 - ipa-acme-manage enable fails after upgrade 1903025 - test failure in test_acme.py::TestACME::test_third_party_certs 1904484 - [Rebase] Rebase opendnssec to 2.1.7 1904612 - bind-dyndb-ldap: Rebased bind modifies so versions 1905919 - ipa-server-upgrade fails with traceback "exception: KeyError: 'DOMAIN'" 1909876 - ipa uninstall fails when dns not installed 1912845 - ipa-certupdate drops profile from the caSigningCert tracking 1922955 - Resubmitting KDC cert fails with internal server error 1923900 - Samba on IdM member failure 1924026 - Fix upstream test test_trust.py::test_subordinate_suffix 1924501 - ipa-client-install: Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 7 1924812 - Fix upstream test test_smb.py::TestSMB::test_authentication_with_smb_cifs_principal_alias 1925410 - Cannot delete sudocmd with typo error e.g. "/usr/sbin/reboot." 1926699 - avc denial for gpg-agent with systemd-run 1926910 - ipa cert-remove-hold <invalid_cert_id> returns an incorrect error message 1928900 - Support new baseURL config option for ACME 1930426 - IPA krb5kdc crash possible doublefree ipadb_mspac_struct_free finish_process_as_req 1932289 - Sync ipatests from upstream to RHEL packages for FreeIPA 4.9 branch 1939371 - ipa-client-install displays false message 'sudo binary does not seem to be present on this system' 6. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bug Fix(es): * cannot issue certs with multiple IP addresses corresponding to different hosts (BZ#1846349) * CA-less install does not set required permissions on KDC certificate (BZ#1863619) * IdM Web UI shows users as disabled (BZ#1884819) * Authentication and login times are over several seconds due to unindexed ipaExternalMember (BZ#1892793) * improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find (BZ#1895197) * IPA WebUI inaccessible after upgrading to RHEL 8.3 - idoverride-memberof.js missing (BZ#1897253) 4. 7): noarch: ipa-server-common-4.6.8-5.el7_9.4.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.4.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.4.noarch.rpm x86_64: ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm ipa-server-4.6.8-5.el7_9.4.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ipa-4.6.8-5.el7_9.4.src.rpm noarch: ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm ipa-common-4.6.8-5.el7_9.4.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm ipa-server-common-4.6.8-5.el7_9.4.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.4.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.4.noarch.rpm ppc64: ipa-client-4.6.8-5.el7_9.4.ppc64.rpm ipa-debuginfo-4.6.8-5.el7_9.4.ppc64.rpm ppc64le: ipa-client-4.6.8-5.el7_9.4.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7_9.4.ppc64le.rpm s390x: ipa-client-4.6.8-5.el7_9.4.s390x.rpm ipa-debuginfo-4.6.8-5.el7_9.4.s390x.rpm x86_64: ipa-client-4.6.8-5.el7_9.4.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm ipa-server-4.6.8-5.el7_9.4.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2020:3807-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3807 Issue date: 2020-09-23 CVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023 CVE-2020-14333 ==================================================================== 1. Summary: An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch 3. Description: The org.ovirt.engine-root is a core component of oVirt. The following packages have been upgraded to a later upstream version: ansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3), ovirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1), ovirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3), ovirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1), vdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734) A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht ml-single/technical_notes Security Fix(es): * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * ovirt-engine: Reflected cross site scripting vulnerability (CVE-2020-14333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Cannot assign direct LUN from FC storage - grayed out (BZ#1625499) * VM portal always asks how to open console.vv even it has been set to default application. (BZ#1638217) * RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520) * On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879) * Possible missing block path for a SCSI host device needs to be handled in the UI (BZ#1801206) * Scheduling Memory calculation disregards huge-pages (BZ#1804037) * Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. (BZ#1804046) * In Admin Portal, "Huge Pages (size: amount)" needs to be clarified (BZ#1806339) * Refresh LUN is using host from different Data Center to scan the LUN (BZ#1838051) * Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal (BZ#1843234) * [RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488) * [CNV&RHV] Add-Disk operation failed to complete. (BZ#1855377) * Cannot create KubeVirt VM as a normal user (BZ#1859460) * Welcome page - remove Metrics Store links and update "Insights Guide" link (BZ#1866466) * [RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209) * VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. (BZ#1871235) * spec_ctrl host feature not detected (BZ#1875609) Enhancement(s): * [RFE] API for changed blocks/sectors for a disk for incremental backup usage (BZ#1139877) * [RFE] Improve workflow for storage migration of VMs with multiple disks (BZ#1749803) * [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots (BZ#1763812) * [RFE] enhance search filter for Storage Domains with free argument (BZ#1819260) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1625499 - Cannot assign direct LUN from FC storage - grayed out 1638217 - VM portal always asks how to open console.vv even it has been set to default application. 1643520 - RESTAPI Not able to remove the QoS from a disk profile 1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge) 1748879 - On OVA import, qemu-img fails to write to NFS storage domain 1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks 1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied 1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots 1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. 1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. 1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI 1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. 1804037 - Scheduling Memory calculation disregards huge-pages 1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. 1806339 - In Admin Portal, "Huge Pages (size: amount)" needs to be clarified 1816951 - [CNV&RHV] CNV VM migration failure is not handled correctly by the engine 1819260 - [RFE] enhance search filter for Storage Domains with free argument 1826255 - [CNV&RHV]Change name of type of provider - CNV -> OpenShift Virtualization 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC 1831952 - RESTAPI contains malformed link around JSON representation fo the cluster 1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent 1831956 - RESTAPI javadoc contains malformed link around time zone representation 1838051 - Refresh LUN is using host from different Data Center to scan the LUN 1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory 1843234 - Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal 1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster 1855377 - [CNV&RHV] Add-Disk operation failed to complete. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability 1859460 - Cannot create KubeVirt VM as a normal user 1860907 - Upgrade bundled GWT to 2.9.0 1866466 - Welcome page - remove Metrics Store links and update "Insights Guide" link 1866734 - [DWH] Rebase bug - for the 4.4.2 release 1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade 1869302 - ansible 2.9.12 - host deploy fixes 1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. 1875609 - spec_ctrl host feature not detected 1875851 - Web Admin interface broken on Firefox ESR 68.11 6. Package List: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4: Source: ansible-runner-service-1.0.5-1.el8ev.src.rpm ovirt-engine-4.4.2.3-0.6.el8ev.src.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm ovirt-log-collector-4.4.3-1.el8ev.src.rpm ovirt-web-ui-1.6.4-1.el8ev.src.rpm rhvm-branding-rhv-4.4.5-1.el8ev.src.rpm rhvm-dependencies-4.4.1-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm noarch: ansible-runner-service-1.0.5-1.el8ev.noarch.rpm ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-log-collector-4.4.3-1.el8ev.noarch.rpm ovirt-web-ui-1.6.4-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm rhvm-dependencies-4.4.1-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-14333 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj gdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj rfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM R5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ BynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk J+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp t+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH A1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl 5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY TzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N mqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc bvmOI0eIsZw=Jhpi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances 2066009 - CVE-2021-44906 minimist: prototype pollution 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations 2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections 2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode 2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject 2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability 2148496 - CVE-2022-4137 keycloak: reflected XSS attack 2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution 2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation 2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code 6

Trust: 2.43

sources: NVD: CVE-2020-11023 // JVNDB: JVNDB-2020-005056 // VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // PACKETSTORM: 162651 // PACKETSTORM: 161830 // PACKETSTORM: 159727 // PACKETSTORM: 158282 // PACKETSTORM: 159275 // PACKETSTORM: 171213 // PACKETSTORM: 171212

AFFECTED PRODUCTS

vendor:oraclemodel:healthcare translational researchscope:eqversion:3.4.0

Trust: 1.0

vendor:netappmodel:snapcenter serverscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:oraclemodel:communications services gatekeeperscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:gteversion:16.1.0

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications analyticsscope:eqversion:12.1.1

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:lteversion:2.10.0

Trust: 1.0

vendor:drupalmodel:drupalscope:ltversion:8.8.6

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:oraclemodel:application expressscope:ltversion:20.2

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:3.2.1

Trust: 1.0

vendor:oraclemodel:rest data servicesscope:eqversion:18c

Trust: 1.0

vendor:oraclemodel:banking enterprise collectionsscope:lteversion:2.8.0

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:5.9.0.0.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:drupalmodel:drupalscope:gteversion:8.8.0

Trust: 1.0

vendor:oraclemodel:storagetek acslsscope:eqversion:8.5.1

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:ltversion:9.2.5.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.1.1

Trust: 1.0

vendor:netappmodel:oncommand system managerscope:lteversion:3.1.3

Trust: 1.0

vendor:oraclemodel:financial services regulatory reporting for de nederlandsche bankscope:eqversion:8.0.4

Trust: 1.0

vendor:oraclemodel:health sciences informscope:eqversion:6.3.0

Trust: 1.0

vendor:oraclemodel:financial services revenue management and billing analyticsscope:eqversion:2.8

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.9

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:jquerymodel:jqueryscope:ltversion:3.5.0

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:16.2.11

Trust: 1.0

vendor:oraclemodel:financial services revenue management and billing analyticsscope:eqversion:2.7

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.1.3.0.0

Trust: 1.0

vendor:drupalmodel:drupalscope:gteversion:7.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.4

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.7

Trust: 1.0

vendor:oraclemodel:banking enterprise collectionsscope:gteversion:2.7.0

Trust: 1.0

vendor:tenablemodel:log correlation enginescope:ltversion:6.0.9

Trust: 1.0

vendor:oraclemodel:banking platformscope:gteversion:2.4.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:3.3.2

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:gteversion:4.1

Trust: 1.0

vendor:oraclemodel:communications interactive session recorderscope:lteversion:6.4

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:3.3.1

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:oraclemodel:rest data servicesscope:eqversion:11.2.0.4

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone orchestratorscope:ltversion:9.2.5.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:16.2

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:3.4

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:lteversion:4.3

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:lteversion:16.4.0

Trust: 1.0

vendor:drupalmodel:drupalscope:ltversion:8.7.14

Trust: 1.0

vendor:oraclemodel:communications interactive session recorderscope:gteversion:6.1

Trust: 1.0

vendor:oraclemodel:rest data servicesscope:eqversion:12.2.0.1

Trust: 1.0

vendor:drupalmodel:drupalscope:gteversion:8.7.0

Trust: 1.0

vendor:jquerymodel:jqueryscope:gteversion:1.0.3

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:rest data servicesscope:eqversion:19c

Trust: 1.0

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:oss support toolsscope:ltversion:2.12.41

Trust: 1.0

vendor:oraclemodel:rest data servicesscope:eqversion:12.1.0.2

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:storagetek tape analytics sw toolscope:eqversion:2.3.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise human capital management resourcesscope:eqversion:9.2

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:netappmodel:max datascope:eqversion: -

Trust: 1.0

vendor:oraclemodel:siebel mobilescope:lteversion:20.12

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.2.1

Trust: 1.0

vendor:netappmodel:oncommand system managerscope:gteversion:3.0

Trust: 1.0

vendor:drupalmodel:drupalscope:ltversion:7.70

Trust: 1.0

vendor:oraclemodel:hyperion financial reportingscope:eqversion:11.1.2.4

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.2.0

Trust: 1.0

vendor:日立model:hitachi ops center common servicesscope: - version: -

Trust: 0.8

vendor:jquerymodel:jqueryscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005056 // NVD: CVE-2020-11023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11023
value: MEDIUM

Trust: 1.0

security-advisories@github.com: CVE-2020-11023
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-11023
value: MEDIUM

Trust: 0.8

VULHUB: VHN-163560
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-11023
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-11023
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-163560
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-11023
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

security-advisories@github.com: CVE-2020-11023
baseSeverity: MEDIUM
baseScore: 6.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2020-11023
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // JVNDB: JVNDB-2020-005056 // NVD: CVE-2020-11023 // NVD: CVE-2020-11023

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-163560 // JVNDB: JVNDB-2020-005056 // NVD: CVE-2020-11023

TYPE

code execution, xss

Trust: 0.4

sources: PACKETSTORM: 159727 // PACKETSTORM: 158282 // PACKETSTORM: 171213 // PACKETSTORM: 171212

PATCH

title:hitachi-sec-2020-130 Software product security informationurl:https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Trust: 0.8

title:Red Hat: Moderate: python-XStatic-jQuery224 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205412 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204211 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203807 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4693-1 drupal7 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=978f239ce60a8a08c53eb64ba189d0f6

Trust: 0.1

title:Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Containerurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205249 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Service Mesh security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203369 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1626url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1626

Trust: 0.1

title:Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226393 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance releaseurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e7014c0a68e8d9bc31a54125059176dc

Trust: 0.1

title:Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203247 - Security Advisory

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-02

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.4.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202813 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory

Trust: 0.1

title:HP: HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)url:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03688

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)url:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=0c6e8f969487f201b1d56f59bd98f443

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)url:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=e57a04f097f54c762da82263eadc1b8a

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231043 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231044 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.6.2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231049 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231045 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=22fc4d0a2671b6a2b6b740928ccb3e85

Trust: 0.1

title:Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-10

Trust: 0.1

title:IBM: Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJSurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=06c81cfb59e5c7353b49e490f4b9142c

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Servicesurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-130

Trust: 0.1

title:IBM: Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Applianceurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8c22e5a481443cacfeb30c0ca6b1c6be

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566

Trust: 0.1

title:IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1abb4a91c60a38765126584f92f9afd0

Trust: 0.1

title:IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=157eb1e30eb92554b7b6df9a1809e974

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351

Trust: 0.1

title:CVE-2020-11023 POC Dom XSSurl:https://github.com/Cybernegro/CVE-2020-11023

Trust: 0.1

title:Hacky-Holidays-2020-Writeupsurl:https://github.com/goelp14/Hacky-Holidays-2020-Writeups

Trust: 0.1

title:https-nj.gov---CVE-2020-11023 RECOMMENDATION REFERENCESurl:https://github.com/korestreet/https-nj.gov---CVE-2020-11023

Trust: 0.1

title:https-nj.gov---CVE-2020-11023 RECOMMENDATION REFERENCESurl:https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023

Trust: 0.1

title:CVE Sandbox :: jQueryurl:https://github.com/cve-sandbox/jquery

Trust: 0.1

title:JS_Encoderurl:https://github.com/AssassinUKG/JS_Encoder

Trust: 0.1

title:CVE-2020-11022 CVE-2020-11023url:https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023

Trust: 0.1

title:https://github.com/DanielRuf/snyk-js-jquery-565129url:https://github.com/DanielRuf/snyk-js-jquery-565129

Trust: 0.1

title:100DaysofLearning Daily Checklist - ✅url:https://github.com/arijitdirghanji/100DaysofLearning

Trust: 0.1

title:XSSPlayground What is XSS?url:https://github.com/AssassinUKG/XSSPlayground

Trust: 0.1

title:jQuery XSSurl:https://github.com/EmptyHeart5292/jQuery-XSS

Trust: 0.1

title:Strings_Attached User Experience Development Process Testing Bugs Libraries and Programs Used Deployment Credits Acknowledgementsurl:https://github.com/johnrearden/strings_attached

Trust: 0.1

title:jQuery — New Wave JavaScripturl:https://github.com/spurreiter/jquery

Trust: 0.1

title:Case Studyurl:https://github.com/faizhaffizudin/Case-Study-Hamsa

Trust: 0.1

title:Retire HTML Parserurl:https://github.com/marksowell/retire-html-parser

Trust: 0.1

title:https://github.com/octane23/CASE-STUDY-1url:https://github.com/octane23/CASE-STUDY-1

Trust: 0.1

title:Vulnerabilityurl:https://github.com/tzwlhack/Vulnerability

Trust: 0.1

title:欢迎关注阿尔法实验室微信公众号url:https://github.com/alphaSeclab/sec-daily-2020

Trust: 0.1

title:SecBooks SecBooks目录url:https://github.com/SexyBeast233/SecBooks

Trust: 0.1

title:PoC in GitHuburl:https://github.com/soosmile/POC

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

sources: VULMON: CVE-2020-11023 // JVNDB: JVNDB-2020-005056

EXTERNAL IDS

db:NVDid:CVE-2020-11023

Trust: 3.5

db:PACKETSTORMid:162160

Trust: 1.2

db:TENABLEid:TNS-2021-02

Trust: 1.2

db:TENABLEid:TNS-2021-10

Trust: 1.2

db:JVNid:JVNVU99394498

Trust: 0.8

db:JVNid:JVNVU94912830

Trust: 0.8

db:ICS CERTid:ICSA-21-306-01

Trust: 0.8

db:JVNDBid:JVNDB-2020-005056

Trust: 0.8

db:PACKETSTORMid:171213

Trust: 0.2

db:PACKETSTORMid:162651

Trust: 0.2

db:PACKETSTORMid:171212

Trust: 0.2

db:PACKETSTORMid:159275

Trust: 0.2

db:PACKETSTORMid:161830

Trust: 0.2

db:PACKETSTORMid:170823

Trust: 0.1

db:PACKETSTORMid:171214

Trust: 0.1

db:PACKETSTORMid:159852

Trust: 0.1

db:PACKETSTORMid:160274

Trust: 0.1

db:PACKETSTORMid:170821

Trust: 0.1

db:PACKETSTORMid:161727

Trust: 0.1

db:PACKETSTORMid:158797

Trust: 0.1

db:PACKETSTORMid:168304

Trust: 0.1

db:PACKETSTORMid:170819

Trust: 0.1

db:PACKETSTORMid:160548

Trust: 0.1

db:PACKETSTORMid:170817

Trust: 0.1

db:PACKETSTORMid:164887

Trust: 0.1

db:PACKETSTORMid:158750

Trust: 0.1

db:PACKETSTORMid:159513

Trust: 0.1

db:PACKETSTORMid:158555

Trust: 0.1

db:CNNVDid:CNNVD-202004-2420

Trust: 0.1

db:VULHUBid:VHN-163560

Trust: 0.1

db:ICS CERTid:ICSA-22-055-02

Trust: 0.1

db:VULMONid:CVE-2020-11023

Trust: 0.1

db:PACKETSTORMid:159727

Trust: 0.1

db:PACKETSTORMid:158282

Trust: 0.1

sources: VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // JVNDB: JVNDB-2020-005056 // PACKETSTORM: 162651 // PACKETSTORM: 161830 // PACKETSTORM: 159727 // PACKETSTORM: 158282 // PACKETSTORM: 159275 // PACKETSTORM: 171213 // PACKETSTORM: 171212 // NVD: CVE-2020-11023

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 1.4

url:https://www.debian.org/security/2020/dsa-4693

Trust: 1.3

url:https://github.com/jquery/jquery/security/advisories/ghsa-jpcq-cgw6-v4j6

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20200511-0006/

Trust: 1.2

url:https://www.drupal.org/sa-core-2020-002

Trust: 1.2

url:https://www.tenable.com/security/tns-2021-02

Trust: 1.2

url:https://www.tenable.com/security/tns-2021-10

Trust: 1.2

url:https://security.gentoo.org/glsa/202007-03

Trust: 1.2

url:http://packetstormsecurity.com/files/162160/jquery-1.0.3-cross-site-scripting.html

Trust: 1.2

url:https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Trust: 1.2

url:https://jquery.com/upgrade-guide/3.5/

Trust: 1.2

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/

Trust: 1.1

url:https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3cdev.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3cgitbox.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3cgitbox.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3cgitbox.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3cgitbox.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3cgitbox.hive.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/

Trust: 1.1

url:https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3ccommits.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3cgitbox.hive.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3cissues.hive.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/

Trust: 1.1

url:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3ccommits.nifi.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3cdev.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3cdev.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3cdev.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3cdev.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3cdev.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3cdev.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3ccommits.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3cdev.felix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e

Trust: 1.1

url:https://jvn.jp/vu/jvnvu99394498/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94912830/

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11358

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11358

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8203

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-38750

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14042

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1471

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14040

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1438

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40150

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40149

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25857

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-46175

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-35065

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-45047

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-46364

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-44906

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44906

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-0091

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3782

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2764

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2764

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-4137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-46363

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1471

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-0264

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-38751

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1274

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-37603

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-45693

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-38749

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35065

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1438

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25857

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14042

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24785

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14040

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1274

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/

Trust: 0.1

url:https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3ccommits.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3cdev.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3cdev.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3cdev.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3cdev.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3cdev.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3cdev.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3cdev.felix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3ccommits.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3cdev.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3cgitbox.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3cgitbox.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3cgitbox.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3cgitbox.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3cgitbox.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3cgitbox.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3cissues.hive.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3ccommits.nifi.apache.org%3e

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://github.com/cybernegro/cve-2020-11023

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1846

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0860

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8768

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8535

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8611

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8676

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-9251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11070

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1547

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7664

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8607

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12052

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15366

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8601

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11324

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1010204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11324

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11236

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16890

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8536

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8686

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12447

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8544

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12049

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8571

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19519

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8677

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5436

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13753

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12447

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8679

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8619

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4298

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8622

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1010180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7598

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8681

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3825

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18074

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6237

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6706

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20337

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8687

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13822

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8457

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5953

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15847

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11236

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12245

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8610

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1563

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16890

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16056

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10739

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18074

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11110

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19959

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8563

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10531

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8609

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8587

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8506

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8583

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-9251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11008

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8597

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9547

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9547

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=core.service.rhsso&version=7.4

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10748

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9548

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9548

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1694

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10748

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1714

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2813

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1694

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8203

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14333

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14333

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2237

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1049

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31129

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1043

Trust: 0.1

sources: VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // JVNDB: JVNDB-2020-005056 // PACKETSTORM: 162651 // PACKETSTORM: 161830 // PACKETSTORM: 159727 // PACKETSTORM: 158282 // PACKETSTORM: 159275 // PACKETSTORM: 171213 // PACKETSTORM: 171212 // NVD: CVE-2020-11023

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 162651 // PACKETSTORM: 161830 // PACKETSTORM: 159727 // PACKETSTORM: 158282 // PACKETSTORM: 159275 // PACKETSTORM: 171213 // PACKETSTORM: 171212

SOURCES

db:VULHUBid:VHN-163560
db:VULMONid:CVE-2020-11023
db:JVNDBid:JVNDB-2020-005056
db:PACKETSTORMid:162651
db:PACKETSTORMid:161830
db:PACKETSTORMid:159727
db:PACKETSTORMid:158282
db:PACKETSTORMid:159275
db:PACKETSTORMid:171213
db:PACKETSTORMid:171212
db:NVDid:CVE-2020-11023

LAST UPDATE DATE

2024-11-07T21:13:29.515000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-163560date:2023-02-03T00:00:00
db:VULMONid:CVE-2020-11023date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-005056date:2022-02-16T03:20:00
db:NVDid:CVE-2020-11023date:2023-11-07T03:14:27.553

SOURCES RELEASE DATE

db:VULHUBid:VHN-163560date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-11023date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005056date:2020-06-05T00:00:00
db:PACKETSTORMid:162651date:2021-05-19T14:04:49
db:PACKETSTORMid:161830date:2021-03-17T14:18:23
db:PACKETSTORMid:159727date:2020-10-27T16:59:02
db:PACKETSTORMid:158282date:2020-07-02T15:43:25
db:PACKETSTORMid:159275date:2020-09-24T00:30:36
db:PACKETSTORMid:171213date:2023-03-02T15:19:28
db:PACKETSTORMid:171212date:2023-03-02T15:19:19
db:NVDid:CVE-2020-11023date:2020-04-29T21:15:11.743