| Release | Version |
|---|---|
| jessie | 1.7.2+dfsg-3.2+deb8u7 |
| stretch | 3.1.1-2+deb9u2 |
| buster | 3.3.1~dfsg-3+deb10u1 |
| Bug | jessie | stretch | buster | Description |
|---|---|---|---|---|
| CVE-2020-7656 | vulnerable (no DSA, ignored) | fixed | fixed | jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ... |
| CVE-2015-9251 | vulnerable (no DSA, ignored) | fixed | fixed | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attack ... |
| CVE-2012-6708 | vulnerable (no DSA, ignored) | fixed | fixed | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attack ... |
| Bug | jessie | stretch | buster | Description |
|---|---|---|---|---|
| CVE-2018-18405 | vulnerable | vulnerable | vulnerable | jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG ele ... |
| CVE-2007-2379 | vulnerable | vulnerable | vulnerable | The jQuery framework exchanges data using JavaScript Object Notation ( ... |
| Bug | Description |
|---|---|
| CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ... |
| CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ... |
| CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ... |
| CVE-2016-10707 | jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to remo ... |
| CVE-2014-6071 | jQuery 1.4.2 allows remote attackers to conduct cross-site scripting ( ... |
| CVE-2011-4969 | Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when ... |
| CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototype ... |
| DSA / DLA | Description |
|---|---|
| DLA-2608-1 | jquery - security update |
| DLA-1777-2 | jquery - regression update |
| DLA-1777-1 | jquery - security update |
| ELA-109-1 | jquery - security update |