Summary

Security Advisory ID : BSA-2020-973

Component : jQuery

Revision : 1.0

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e..html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Affected Products

Brocade Fabric OS versions after 9.0.0 and before 9.0.1a

Note: Brocade Fabric OS v8.X and v7.X are not impacted.

Products Confirmed Not Vulnerable

No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Solution

A security update is provided in Brocade Fabric OS v9.0.0 and higher releases. 

Revision History