ADVISORIES

• CVE-2012-6708 (NVD)
• GHSA-2pqj-h3vj-pqgw

GEM

jquery-rails

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

• ~> 2.1.4
• >= 2.2.0

DESCRIPTION

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.

Proof of Concept

$("#log").html( $("element[attribute=’<img src=\"x\" onerror=\"alert(1)\" />’]").html() );

RELATED

• https://nvd.nist.gov/vuln/detail/cve-2012-6708
• https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59
• https://github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67
• https://github.com/advisories/GHSA-2pqj-h3vj-pqgw