Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please update jQuery to 1.12.0 or higher #460

Open
tuergeist opened this issue Aug 1, 2020 · 1 comment
Open

Please update jQuery to 1.12.0 or higher #460

tuergeist opened this issue Aug 1, 2020 · 1 comment

Comments

@tuergeist
Copy link

Vulnerable javascript library: jQuery version: 1.11.3

Details:
CVE-2015-9251: jQuery versions on or above 1.4.0 and below 1.12.0 (version 1.12.3 and above but below 3.0.0-beta1 as well) are vulnerable to XSS via 3rd party text/javascript responses(3rd party CORS request may execute). (jquery/jquery#2432).
Solution: jQuery version 1.12.0 has been released to address the issue (http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/). NOTE: Fix was reverted back in 1.12.2, so version 1.12.3 and above but below 3.0.0-beta1 are vulnerable as well. Please refer to vendor documentation (https://blog.jquery.com/) for the latest security updates.

@tuergeist
Copy link
Author

we use a paid version of Jet :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant