Actions
Bug #17516
closedUpdate jquery to 2.2.4 to fix XSS
Description
Affected versions of the package (< 1.12) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.
https://github.com/jquery/jquery/issues/2432 for more information
Updated by Daniel Lobato Garcia about 8 years ago
- Subject changed from Update jquery to 1.12 to fix CVE to Update jquery to 1.12 to fix XSS
Updated by The Foreman Bot about 8 years ago
- Status changed from New to Ready For Testing
- Assignee set to Daniel Lobato Garcia
- Pull request https://github.com/theforeman/foreman/pull/4065 added
Updated by Daniel Lobato Garcia about 8 years ago
- Target version changed from 1.4.3 to 1.15.5
Updated by Anonymous about 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 9356b0b33e17d0be9c78a80da2eb7e0485c995f5.
Updated by Dominic Cleal about 8 years ago
- Translation missing: en.field_release set to 209
Updated by Tomer Brisker almost 8 years ago
- Related to Bug #17910: unable to click on puppet ca links added
Updated by Tomer Brisker almost 8 years ago
- Subject changed from Update jquery to 1.12 to fix XSS to Update jquery to 2.2.4 to fix XSS
updated the subject to match the version that was upgraded to.
Actions