Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade JQuery #855

Closed
1arrow opened this issue Jul 27, 2021 · 0 comments · Fixed by #858
Closed

Upgrade JQuery #855

1arrow opened this issue Jul 27, 2021 · 0 comments · Fixed by #858

Comments

@1arrow
Copy link
Contributor

1arrow commented Jul 27, 2021

According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities.

It violates below CVEs
JQuery 3.3.1 < 3.5.0 - CVE-2020-11022, CVE-2020-11023, CVE-2019-11358

Installed Version: https://github.com/yahoo/CMAK/blob/master/build.sbt#L31
version : 3.3.1
Fixed version: 3.5.0
1arrow added a commit to 1arrow/CMAK that referenced this issue Aug 12, 2021
@1arrow
fix(jquery): Upgrade Jquery version
71232ee 
Resolves yahoo#855
@1arrow 1arrow mentioned this issue Aug 12, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(jquery): Upgrade Jquery version 1arrow/CMAK
1 participant
@1arrow