Already in contact with MITRE CNA to resolve the issue. This seems to be
a duplicate of CVE-2019-11358 but maybe there is a scrict CNA rules
reasoning for the two CVEs.

As such we might then just track the fixed versions for src:jquery
accordingly.