CVE-2020-11023

Published: 29/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 387
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In jQuery versions greater than or equal to 1.0.3 and prior to 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Vulnerable Product

jquery jquery

debian debian linux 9.0

fedoraproject fedora 31

fedoraproject fedora 32

fedoraproject fedora 33

drupal drupal

oracle weblogic server 12.1.3.0.0

oracle hyperion financial reporting 11.1.2.4

oracle weblogic server 12.2.1.3.0

oracle webcenter sites 12.2.1.3.0

oracle application testing suite 13.3.0.1

oracle communications operations monitor 3.4

oracle weblogic server 12.2.1.4.0

oracle webcenter sites 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

oracle communications interactive session recorder

oracle communications element manager 8.2.0

oracle communications element manager 8.2.1

oracle communications element manager 8.1.1

oracle application express

oracle rest data services 12.2.0.1

oracle rest data services 12.1.0.2

oracle rest data services 11.2.0.4

oracle rest data services 18c

oracle rest data services 19c

oracle communications services gatekeeper 7.0

oracle storagetek tape analytics sw tool 2.3.1

oracle communications session report manager 8.1.1

oracle communications session report manager 8.2.0

oracle communications session report manager 8.2.1

oracle communications session route manager 8.1.1

oracle communications session route manager 8.2.0

oracle communications session route manager 8.2.1

oracle primavera gateway

oracle siebel mobile

oracle peoplesoft enterprise human capital management resources 9.2

oracle financial services regulatory reporting for de nederlandsche bank 8.0.4

oracle jd edwards enterpriseone tools

oracle banking enterprise collections

oracle jd edwards enterpriseone orchestrator

oracle banking platform

oracle communications operations monitor

oracle communications analytics 12.1.1

oracle healthcare translational research 3.3.1

oracle healthcare translational research 3.3.2

oracle healthcare translational research 3.4.0

oracle healthcare translational research 3.2.1

oracle oss support tools

oracle financial services revenue management and billing analytics 2.7

oracle financial services revenue management and billing analytics 2.8

oracle health sciences inform 6.3.0

oracle business intelligence 5.9.0.0.0

oracle communications eagle application processor

oracle storagetek acsls 8.5.1

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

netapp snap creator framework -

netapp snapcenter server -

netapp oncommand insight -

netapp oncommand system manager

netapp max data -

tenable log correlation engine

Vendor Advisories

Debian Bug report logs - #1007145 wordpress: WordPress 592 security and maintenance release. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Craig Small <csmall@debianorg>. Date: Sat, 12 Mar 2022 02:09:02 UTC S ...
Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting. For the oldstable distribution (stretch), these problems have been fixed in version 752-2+deb9u10. We recommend that you upgrade your drupal7 packages. For the detailed security status of ...
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2020-11023) ...
Synopsis: Moderate: python-XStatic-jQuery224 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-jQuery224 is now available for Red Hat OpenStack Platform 161 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulne ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for OpenShift Service Mesh 11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: RHV Manager (ovirt-engine) [ovirt-452] bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are ...
Synopsis: Important: Red Hat Single Sign-On 762 security update on RHEL 8. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 8. Red H ...
Synopsis: Moderate: OpenShift Container Platform 461 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 46. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
Synopsis: Important: Red Hat Single Sign-On 741 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 74 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 749 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 74 for ...
Synopsis: Important: RHV Manager (ovirt-engine) 44 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security ...
Synopsis: Moderate: Red Hat AMQ Interconnect 190 release and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat AMQ Interconnect 190 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: Red Hat Single Sign-On 762 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 7. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 762 security update on RHEL 9. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 9. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 762 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 76 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 749 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 74. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Moderate: pki-core:106 and pki-deps:106 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the pki-core:106 and pki-deps:106 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a se ...
Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Virtualization Engine 44. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: security update - Red Hat Ansible Tower 374-1 - RHEL7 Container. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 374-1 - RHEL7 Container. Description: Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023). Improved Ansible Tower's web se ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2019-20330, CVE-2020-7676, CVE-2020-8840, CVE-2020-11022, CVE-2020-11023, CVE-2020-11619, CVE-2020-13444, CVE-2020-13445, CVE-2020-13934, CVE-2020-13935. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
A potential security vulnerability has been identified for certain HP printers and MFPs. In jQuery versions before 350, passing HTML from untrusted sources may execute untrusted code. jQuery is a JavaScript library used to simplify website creation and execution. It is open source software used in many available websites ...
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled jQuery components to add ...
Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled Open ...

Exploits

jQuery version 103 suffers from a cross site scripting vulnerability ...

Github Repositories

Strings_Attached: An online shop and lesson hub for guitarists. Purpose of Project: The aim of the project is to help users on their journey to musical proficiency. The website consists of a shop where instruments and accessories can be purchased, and subscriptions to music lesson videos can be signed up to.

CVE Collection of jQuery XSS Payloads

CVE Sandbox :: jQuery. CVE Collection of jQuery XSS Payloads. Maintained by @therceman. CVE / Version: CVE-2020-11023 >= 151 < 350; CVE-2020-11022 >= 151 < 350; CVE-2019-11358 >= 100 < 340

Hacky-Holidays-2020-Writeups TOC: Name Category Points Happy New Maldoc reversing 125 Santa's Giftshopper ppc 100 Santa Customer Support web 100 Wishes pwn 75 Reinder web 175 Note that I am only providing writeups of challenges I completely solved A lot of them contained multiple parts that I did not solve all the way through There were some really cool

Vulnerability Report of the New Jersey official site

https-njgov---CVE-2020-11023 Vulnerability Report of the New Jersey official site. Potential XSS vulnerability when appending HTML containing option elements. Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (ie html(), append(), and others) may execute untrusted c

jQuery-XSS-poc

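jQuery XSS: jQuery with XSS, Testing and Secure Version. Fixed the issue in the reference version where 9521 and 11290 could not trigger a pop-up; added a payload for 11974 that can verify some jQuery versions that 11974 previously could not verify; and added 3 new XSS payloads. To use it, just change the src in the <script> tag at the top. Bug list: #9521 #11290 #11974 #CVE-2020-11022/CVE-2020-11023 Test version: tes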

JS_Encoder Description: This is a basic example of javascript. I aim to make a basic javascript encoder/decoder for various types (after learning). This will not be best practices/clean or safe code (as I'm still learning js basics). Goals: Add URL Encode/Decode; Add obfuscation (simple, minify); Add methods to help with js payload creation. ScreenShot & Video (Click to

Little thing put together quickly to demonstrate this CVE

CVE-2020-11022 CVE-2020-11023 In jQuery versions greater than or equal to 12 and before 350, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (ie html(), append(), and others) may execute untrusted code This problem is patched in jQuery 350 In jQuery versions greater than or equal to 103 and before

Demonstration of CVE-2020-11023

Jquery XSS - CVE-2020-11023 This is a demonstration of reproducing CVE-2020-11023 Source is mainly from this blog post Reproduce Install npm dependencies with npm install, jQuery 341 is included as a dependency Run the project with for example live server for vs code Open the site with the link 127001:5500/indexhtml?link=%3Cbutton%3EMy%20pretty%20button%20%F0%9

CVE-2020-11023 PoC for bug bounty.

CVE-2020-11023 POC DOM XSS. This proof of concept demonstrates a security flaw of DOM-based XSS, manipulating and using jQuery DOM methods, e.g. (append, text, html). Payload I used: alert("Text: " + $("#test")text()); To test the vulnerability do the following: Open a web console in your browser, in the scope site. Go to the console window and put

100DaysofLearning Daily Checklist - ✅ i create this repo inspired by @AnubhavSingh_(githubcom/anubhavsinghhacker) and @vish_hal(githubcom/vish-hal/) bhai, what i do everyday i will update daily on my github repo Date - 28/11/2021 #solve tryhackme room (1 tyrhackme room solve - john) ✅ #read zseano print book (Toady Read Page-No 11)✅ Time - 7:24

A simple place to learn XSS

XSSPlayground A simple place to learn XSS Made for myself to learn and to help others (please do use!) Disclaimer This is a works in progress and will change over time Learn what you can! Updates 15/03/2021 - Added new layout, reworked xss 1,2,3 Screenshots Setup Host php Download the indexphp file Add to your /var/www/html folder Tip: Make a new folder called 'xss

jQuery — New Wave JavaScript This fork back-ports reported security vulnerabilities on jQuery 224 XSS CVE-2020-11022 XSS CVE-2020-11023 Prototype Polution CVE-2019-5428 XSS CVE-2017-16012 Contribution Guides In the spirit of open source software development, jQuery always encourages community code contribution To help you get started and before you jump into writ

patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

This repository contains the patches for CVE-2020-11022 and CVE-2020-11023, which affect all jQuery versions prior to 350, including the patches from DanielRuf/snyk-js-jquery-174006. These patches were generated with diff -u original patched > patchfile. Apply the patches: You can apply the patches with patch, git apply, patch-package and composer-patches. Please consult th

CWE-79