Bug #17516

Update jquery to 2.2.4 to fix XSS

Added by Daniel Lobato Garcia over 5 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Category: Security
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Affected versions of the package (< 1.12) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.

https://github.com/jquery/jquery/issues/2432 for more information
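
As an added example (not code from this issue, Foreman, or jQuery): a small Node.js check that flags `$.ajax`-style option objects matching the condition in the description, a cross-domain URL with no `dataType` set. The function names, the page URL and the sample option objects are constructed for illustration.

```javascript
// Added example, not Foreman or jQuery code. Flags $.ajax-style option objects
// that match the condition in the description: cross-domain URL, no dataType.

// Resolve the request URL against the page URL and compare origins
// (scheme + host + port).
function isCrossOrigin(requestUrl, pageUrl) {
  const page = new URL(pageUrl);
  let target;
  try {
    target = new URL(requestUrl, page); // handles relative and //host URLs
  } catch (e) {
    return true; // unparseable URL: treat as cross-origin (fail closed)
  }
  return target.origin !== page.origin;
}

// Returns a list of findings for one options object (empty = nothing to flag).
function auditAjaxOptions(options, pageUrl) {
  const findings = [];
  // With no url option the request goes to the current page.
  const url = options.url === undefined ? pageUrl : String(options.url);
  const hasDataType =
    typeof options.dataType === "string" && options.dataType.trim() !== "";
  if (isCrossOrigin(url, pageUrl) && !hasDataType) {
    findings.push("cross-domain request without dataType: " + url);
  }
  return findings;
}

// Audit a whole list of collected option objects.
function auditAll(list, pageUrl) {
  return list.flatMap((o) => auditAjaxOptions(o, pageUrl));
}

// Constructed sample calls, as they might be collected during code review.
const PAGE = "https://foreman.example.com/hosts";
const samples = [
  { url: "/api/hosts" },                                        // same origin
  { url: "//cdn.example.net/widget" },                          // flagged
  { url: "https://other.example.org/data", dataType: "json" },  // explicit type
  { url: "https://other.example.org/data" },                    // flagged
  { url: "https://foreman.example.com:8443/status" },           // other port: flagged
];

console.log(auditAll(samples, PAGE));
```

Calls that are flagged can be given an explicit `dataType` for the format they expect, independently of the library upgrade tracked here.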


Related issues

Related to Foreman - Bug #17910: unable to click on puppet ca links (Closed, 2017-01-03)

Associated revisions

Revision 9356b0b3 (diff)
Added by Daniel Lobato Garcia over 5 years ago

Fixes #17516 - Update jquery to 2.2.4 to fix XSS

Affected versions of the package (< 1.12) are vulnerable to Cross-site
Scripting (XSS) attacks when a cross-domain ajax request is performed
without the dataType option causing text/javascript responses to be
executed.

https://github.com/jquery/jquery/issues/2432 for more information

Revision 155632db (diff)
Added by Dominic Cleal over 5 years ago

refs #17516 - update jquery to 2.2.x

History

#1 Updated by Daniel Lobato Garcia over 5 years ago

  • Subject changed from "Update jquery to 1.12 to fix CVE" to "Update jquery to 1.12 to fix XSS"

#2 Updated by The Foreman Bot over 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4065 added

#3 Updated by Daniel Lobato Garcia over 5 years ago

  • Target version set to 1.4.3

#4 Updated by Daniel Lobato Garcia over 5 years ago

  • Target version changed from 1.4.3 to 1.15.5

#5 Updated by Anonymous over 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Dominic Cleal over 5 years ago

  • Legacy Backlogs Release (now unused) set to 209

#7 Updated by Tomer Brisker over 5 years ago

  • Related to Bug #17910: unable to click on puppet ca links added

#8 Updated by Tomer Brisker over 5 years ago

  • Subject changed from "Update jquery to 1.12 to fix XSS" to "Update jquery to 2.2.4 to fix XSS"

Updated the subject to match the version that was upgraded to.
