Project

General

Custom queries

Profile

Actions
Copy link

Bug #17516

closed

Update jquery to 2.2.4 to fix XSS

Added by Daniel Lobato Garcia over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Lobato Garcia
Category:
Security
Target version:
1.15.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/4065
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Affected versions of the package (< 1.12) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.

https://github.com/jquery/jquery/issues/2432 for more information

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #17910: unable to click on puppet ca links ClosedSebastian Gräßl01/03/2017Actions
#1

Updated by Daniel Lobato Garcia over 8 years ago

  • Subject changed from Update jquery to 1.12 to fix CVE to Update jquery to 1.12 to fix XSS
#2

Updated by The Foreman Bot over 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4065 added
#3

Updated by Daniel Lobato Garcia over 8 years ago

  • Target version set to 1.4.3
#4

Updated by Daniel Lobato Garcia over 8 years ago

  • Target version changed from 1.4.3 to 1.15.5
#5

Updated by Anonymous over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
#6

Updated by Dominic Cleal over 8 years ago

  • Translation missing: en.field_release set to 209
#7

Updated by Tomer Brisker over 8 years ago

  • Related to Bug #17910: unable to click on puppet ca links added
#8

Updated by Tomer Brisker over 8 years ago

  • Subject changed from Update jquery to 1.12 to fix XSS to Update jquery to 2.2.4 to fix XSS
Actions
Copy link

Also available in: Atom PDF