Bug #17516
Update jquery to 2.2.4 to fix XSS
Description
Affected versions of the package (< 1.12) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option, causing text/javascript responses to be executed.
See https://github.com/jquery/jquery/issues/2432 for more information.
Related issues
Associated revisions
refs #17516 - update jquery to 2.2.x
History
#1
Updated by Daniel Lobato Garcia over 5 years ago
- Subject changed from Update jquery to 1.12 to fix CVE to Update jquery to 1.12 to fix XSS
#2
Updated by The Foreman Bot over 5 years ago
- Status changed from New to Ready For Testing
- Assignee set to Daniel Lobato Garcia
- Pull request https://github.com/theforeman/foreman/pull/4065 added
#3
Updated by Daniel Lobato Garcia over 5 years ago
- Target version set to 1.4.3
#4
Updated by Daniel Lobato Garcia over 5 years ago
- Target version changed from 1.4.3 to 1.15.5
#5
Updated by Anonymous over 5 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 9356b0b33e17d0be9c78a80da2eb7e0485c995f5.
#6
Updated by Dominic Cleal over 5 years ago
- Legacy Backlogs Release (now unused) set to 209
#7
Updated by Tomer Brisker over 5 years ago
- Related to Bug #17910: unable to click on puppet ca links added
#8
Updated by Tomer Brisker over 5 years ago
- Subject changed from Update jquery to 1.12 to fix XSS to Update jquery to 2.2.4 to fix XSS
Updated the subject to match the version that was upgraded to.
Fixes #17516 - Update jquery to 2.2.4 to fix XSS
Affected versions of the package (< 1.12) are vulnerable to Cross-site
Scripting (XSS) attacks when a cross-domain ajax request is performed
without the dataType option causing text/javascript responses to be
executed.
https://github.com/jquery/jquery/issues/2432 for more information
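
As a triage aid for the condition described above (an ajax request made without the dataType option), the following added example, which is not part of the Foreman change or of jQuery, lists $.ajax / jQuery.ajax calls whose inline options object has no top-level dataType key. The function names and the sample source are constructed for illustration; it is a text scan rather than a JavaScript parser, so comments and quoted keys are not understood, and calls whose options are built elsewhere are reported as "review".

```javascript
// Walk the object literal that opens at src[open]. Return the index of its
// closing brace and the text found directly at depth 1 (string literals and
// nested objects/functions dropped), or null if the braces never balance.
function topLevel(src, open) {
  let depth = 0, quote = null, text = '';
  for (let i = open; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === '\\') i++;                  // skip the escaped character
      else if (c === quote) quote = null;
      continue;
    }
    if (c === '"' || c === "'" || c === '`') { quote = c; continue; }
    if (c === '{') depth++;
    else if (c === '}' && --depth === 0) return { end: i, text };
    else if (depth === 1) text += c;
  }
  return null;
}

// Report every $.ajax(...) / jQuery.ajax(...) call with its line and a verdict.
function auditAjaxCalls(src) {
  const findings = [];
  const call = /(?:\$|jQuery)\.ajax\s*\(/g;
  let m;
  while ((m = call.exec(src)) !== null) {
    const line = src.slice(0, m.index).split('\n').length;
    const open = src.indexOf('{', call.lastIndex);
    // An inline options object follows "(" or "(url," with no ")" in between.
    const inline = open !== -1 && !src.slice(call.lastIndex, open).includes(')');
    const obj = inline ? topLevel(src, open) : null;
    let verdict = 'review';                 // options built elsewhere: check by hand
    if (obj) verdict = /\bdataType\s*:/.test(obj.text) ? 'ok' : 'missing-dataType';
    findings.push({ line, verdict });
  }
  return findings;
}

// Constructed sample source (not taken from Foreman).
const SAMPLE = [
  '$.ajax({ url: reportHost + "/status", success: render });',
  '$.ajax({',
  '  url: reportHost + "/status",',
  '  dataType: "json",',
  '  success: function (d) { render(d); }',
  '});',
  'jQuery.ajax("/hosts", { data: { dataType: "x" }, type: "POST" });',
  '$.ajax(buildOptions());',
].join('\n');
```

Whether a flagged call is actually cross-domain depends on the URL it is given at run time, so each "missing-dataType" hit still needs that check.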