Project

General

Profile

Actions

Bug #17516

closed

Update jquery to 2.2.4 to fix XSS

Added by Daniel Lobato Garcia about 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Affected versions of the package (< 1.12) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.

https://github.com/jquery/jquery/issues/2432 for more information


Related issues 1 (0 open1 closed)

Related to Foreman - Bug #17910: unable to click on puppet ca links ClosedSebastian Gräßl01/03/2017Actions
Actions #1

Updated by Daniel Lobato Garcia about 8 years ago

  • Subject changed from Update jquery to 1.12 to fix CVE to Update jquery to 1.12 to fix XSS
Actions #2

Updated by The Foreman Bot about 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4065 added
Actions #3

Updated by Daniel Lobato Garcia about 8 years ago

  • Target version set to 1.4.3
Actions #4

Updated by Daniel Lobato Garcia about 8 years ago

  • Target version changed from 1.4.3 to 1.15.5
Actions #5

Updated by Anonymous about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #6

Updated by Dominic Cleal about 8 years ago

  • Translation missing: en.field_release set to 209
Actions #7

Updated by Tomer Brisker almost 8 years ago

  • Related to Bug #17910: unable to click on puppet ca links added
Actions #8

Updated by Tomer Brisker almost 8 years ago

  • Subject changed from Update jquery to 1.12 to fix XSS to Update jquery to 2.2.4 to fix XSS

updated the subject to match the version that was upgraded to.

Actions

Also available in: Atom PDF